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time of a copying operation in the personal computer, data scrambled based on a key is transmitted back, and a key 
for descrambling is not transmitted back, thus preventing the copying operation (the copying operation is performed, 
but since the descrambling is not effected, the copying operation makes no sense). 

[0009] Furthermore, regarding the second problem, it is possible to classify a device capable of descrambling and 
5 a device incapable of descrambling by producing disks which are differently scrambled depending on the contents of 
the disks. Thus, the scrambling (encrypting) of the recorded data is effective on the two aforementioned problems. 
However, another problem is a method for descrambling data or how to specify a key for descrambling data. 
[0010] As a first conventional example for encrypting in a data field, a system of recording an encrypting key in a 
main data field of a sector different from an encrypted data sector was proposed in a CD-ROM in Figure 3 of Japanese 
10 Laid-Open Patent Publication No. 7-249264. In this conventional example, data reproduction is realized by recording 
encrypted data and an encrypting key thereof in the CD-ROM at the time of recording, and decrypting the encrypted 
data after executing a reading command of the encrypting key from a personal computer to a reproducing device at 
the time of reproducing. This method has an advantage in that the encrypting key can be easily changed. 
[001 1] Furthermore, as a second conventional example, as shown in Figure 3 of Japanese Laid Open Patent Pub- 
15 lication No. 7-85574, a system of recording an encrypting key in an area in a disk which the optical head of the repro- 
ducing device does not scan was proposed. In this conventional example, since the encrypting key is prevented from 
being read from a general personal computer, the encrypting key is not copied in a copying operation, and thus an 
illegal copying operation makes no sense. 

[0012] However, since the encrypting key of the first conventional example is recorded in the main data field of the 
20 sector, it is possible to easily read the encrypting key used at the time of recording the disk from a general personal 
computer. Therefore, since users can read the encrypting key and the encrypted data, it is highly possible to decrypt 
the encrypting. 

[0013] Furthermore, in the second conventional example, the encrypting key Is recorded in the area which the optical 
head of the reproducing device does not scan. In order to read the encrypting key, therefore, reading means dedicated 
25 to reading the encrypting key is required, in addition to reading means for reading data from the data recorded area, 
thus causing a problem. 

[0014] The present invention has an objective of providing an information recording medium having a data structure 
which ensures the prevention of the content recorded in the information recording medium from being illegally copied 
so as to realize secured copyright protection, an information reproducing device capable of reproducing data from the 
30 information recording medium without providing a special data reading means, and solving the first and second prob- 
lems, and a method for reproducing information. 

[0015] Reference may be made to EP-A-0536764 which describes a disc-shaped recording medium capable of being 
rewritten comprising a lead-in area which is provided in the inner rim of the disc-shaped recording medium and in which 
information concerning the disc-shaped recording medium is pre-recorded; a data area which is provided in the outer 
35 periphery of lead-in area and which is capable of recording data; and a lead-out area which is provided in the outer 
periphery of the data area and which indicates the end of the data area the lead-out area being a recordable area the 
same as data area. 

[0016] Reference may also be made to JP-A-07085574 which describes a technique essentially the same as the 
second conventional example described above. Main data obtained by ciphering its original data based on key infor- 

40 mation is recorded in a data recording area of the optical disk, and the key information is recorded in a region not 
scannable by the usual optical head of a reproduction device. Then, the key information is read out by a dedicated key 
information reading means distinct from the optical head of the reproducing device, and a deciphering method is settled 
by a deciphering means based on this key information, and then the main data is deciphered by this settled deciphering 
method to reproduce the original data. 

45 [001 7] Reference may also be made to Laferriere C. et al, "Authentication and authorization techniques in distributed 
systems-, Security Technology, 1 993 Security Technology Proceedings, Institute of Electrical and Electronics Engineers 
1993. Canada 13-15 October 1991. In this paper several techniques are described to perform the authentication of 
user identity and the granting of proper authorization in distributed environments: 1- user login and routing constraints 
at the network level; 2- special purpose, challenge-response systems; 3- private key based systems such as Kerberos; 

so and 4- public key based systems with SmartCards. This paper describes and discusses the strengths and weaknesses 
(i.e. , residual vulnerabilities) of each technique and provides guidance with respect to their applicability and deployment. 
[001 8] Reference may also be made to B. Schneider, "Applied Cryptography", John Wiley & Sons 1 994, pages 42-65 
and 180-181. The former passage describes protocols, strengths and weaknesses of communications techniques 
between different parties over an insecure network, using session keys. The latter passage summarises, extremely 

55 briefly, the difficulties and requirements affecting encryption of data for storage. 
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DISCLOSURE OF THE INVENTION 
[0019] The present invention is defined in the claims. 
BRIEF DESCRIPTION OF THE DRAWINGS 
[0020] 

Figure 1 is a view showing a data structure of an information recording medium according to the 

S^SLt? <b) ° f F $ 2 ViSWS Sh0Wi " 9 ,he S,rUC,ure of scramble information recorded in a lead-in area 
of the information recording medium shown in Figure 1 . 

SHH* ' ^ Sh ° W '' n9 ° f a " infonTOtion rec ° rdir * according to the present 

Son! 8 3 b,0Ck dl ' a9rarT ' Sh0W ' n9 3 Stm ° tUre ° f a " information reproducing device acceding to the present 

P^sen«?ve a n b L 0 n Ck dia9ram ShOW ' n9 Sli " °' 3 " " 1f ° rmafcn "I**"* -ice according to the 

Snul'n^ dia9ram Sh ° Win9 ^ an ° ther S,rUC,Ure ° f a " inf ~>" "W* *"» according to the 
i^L?^'^^ 

Portions (a) to (c) of Figure 9 are views showing an exemplary scramble-processing method. 
« SSl^SSS" 10 " Vi8WS Sh ° Win9 3 ^ S,mCtUre ° f a " informa,fon — *■ — «, according 

£££Z ^ ° f R9Ure 11 VfeWS Sh0Wi " 9 3 ^ StrUC,Ure ° f 3 director V recording in a volume-file man- 
Portion (d) of Figure 11 is a view showing a data structure of a scramble information sector. 
Portion (e) of Figure 11 is a view showing a data structure of a scrambled sector. 
Portion (f) of Figure 11 is a view showing a data structure of a non-scramble information sector. 
Portions (a) to (c) of Figure 12 are views showing an exemplary scramble system. 

a P g 0 em°e n n» area. * * ^ " *** 3 *** SM "> of a * —ding in a volume-file man- 

Portion (d) of Figure 13 is a view showing a data structure of a scramble information sector. 
Portion (e) of Figure 13 is a view showing a data structure of a scrambled sector. 
Portion (f) of Figure 13 is a view showing a data structure of a non-scrambled sector. 

inS^ 
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Figure 15 is a block diagram showing a structure of an optical disk drive 509 included in the information reproducing 
device 500. 

Figure 16 is a block diagram showing a structure of an AV decoder card 507 included in the information reproducing 
5 device 500. 

Figure 17 is a block diagram showing a structure of an information reproducing device 800 according to the present 
invention. 

10 Figure 18 is a block diagram showing a structure of an SCSI control circuit incorporated AV decoder card 801 

included in the information reproducing device 800. 

Figure 19 is a block diagram showing a structure of an information reproducing device (optical disk player) 1000 
according to the present invention. 

75 

Figure 20 is a block diagram showing a structure of a descramble circuit 1106. 

Figure 21 is a flow chart showing a procedure of a descramble-processing executed by the descramble circuit 1 106. 
20 Figure 22 is a block diagram showing a structure of a descramble circuit 1308. 

Figure 23 is a flow chart showing a procedure of a descramble-processing executed by the descramble circuit 1 308. 
Figure 24 is a block diagram showing a structure of a decoder authentication circuit 601. 
Figure 25 is a biock diagram showing a structure of a drive authentication circuit 701. 

Figure 26 is a flow chart illustrating mutual authentication processing between the optical disk drive 509 and the 
AV decoder card 507 or the SCSI control circuit incorporated AV decoder card 801 . 
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BEST MODE FOR CARRYING OUT THE INVENTION 



[0021] Hereinafter, the present invention will be described by way of embodiments with reference to the accompa- 
nying drawings. 

35 

(First Embodiment) 



[0022] Figure 1 shows a data structure of an information recording medium according to the present invention. 
[0023] Generally, information recording areas where some information is recorded on a disk are roughly classified 
40 jnto a lead-in area where control information is mainly recorded and a data recording area where user data is recorded. 
In addition, the data recording area is generally partitioned into a unit referred to as a sector. Herein, a disk reproducing 
device can directly access the lead-in area, but devices other than the disk reproducing device (e.g., a personal com- 
puter) cannot access the lead-in area. 

[0024] Each sector includes a header field where a sector ID (Identifier) for identifying the sector or the like is recorded, 
45 a user data field where user data is recorded, and an ECC (Error Correction Code) field where a code for correcting 
readout errors at the time of reproduction is recorded. In this embodiment, the user data recorded in the user data field 
in the sector is subjected to scramble-processing. Therefore, it is necessary to identify the scramble-processing method 
which is performed with respect to the user data in order for the information reproducing device to correctly reproduce 
the user data from the disk shown in Figure 1 . 
so [0025] In a predetermined location in the lead-in area of the disk in Figure 1 , information which determines a scramble- 
processing method which is performed with respect to the user data (hereinafter, referred to as "scramble information" 
in this specification) is recorded. The information reproducing device reads the area where the scramble information 
is recorded, interprets the scramble information and performs descramble-processing in accordance with the scramble 
information with respect to the user data. Thus, it is possible to correctly reproduce the user data. 
55 [0026] Hereinafter, an example of a scramble-processing method which is generally known will be described with 
reference to Figure 9. 

[0027] Portion (a) of Figure 9 shows that one sector consists of a sector ID field, a user data field of 2048 bytes and 
an ECC field. A data byte sequence D 0 , D t , — and D 20 47 is recorded in the user data field. The data byte sequence 
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D 0 , Dl - and D 2047 is obtained by a logical operation of a data byte sequence DV DV •» and DW to be recorded 

£ ^ssr^? and ^ do : number sequence s » s » - and c^SSSS 

s"^L initi^Tue 9 r " " Umber S6qUenCe S °' Sl * SjM7 iS UniqUe ' y determined b * a 

SS2Ll?Vr^£iS So • 8,1 and S ™' baSed 0n a P^etermined bit string in 

TJ£% . c" ? u S P redeterm,ned loca «»" in the sector ID), a table as shown in portion (b) of Figure 9 

nn£ % For ° xam f te - ,n the 0886 where «he three bits in the predetermined location in the sector ID are (0 0 1) 
100Fh is obtained as the initial value according to the table, and the random number sequence B fl> B, - and B™, 
(corresponding to S 0 ,S 1f - and S 2047 ) is uniquely determined. 0 1 2047 

^ a fl m J!L^f 9e T" n9 tne / a " d ° m " Umber Sequence S o- «i. - and S 2 047 from the supplied initial value, 
for example, a method of employing a shift register as shown in portion (c) of Figure 9 is known 

nrSrtlrmlVK? mb ^ kT 88 '" 9 m6th ° d - " ' S P ° SS ' b,e ,0 employ other methods such as a ™thod of replacing a 
predetermined bit in the byte sequence in the user data. The following description is made by taking the scramble- 
processing method described with reference to Figure 9 as an example 

K disk s^ inF7gureT CtUre " * M * * "—««"*»- in the lead-in area 

?22 fn AS Sh T POr, !° r ! (3) ° f F ' 9Ure * thiS example> * e scramble '"formation is an identifier for designating 
VZt££FT° a " T- Va , ,US f ° r 3 rand ° m nUmber Sequence 10 be used in scramble-processing. It is assumed 
? " ' specrfym 9 the scramble-processing method other than the table is previously defined 

E F ° r h eXample ' J 8 °i" te " t J >f ,he SCramble information of d • 0) indites that, among four tables previously 
2S?£ P °?° n (b) ° f f i9Ure 2 ' ,ab,e 2 is used for 'he scramble-processing. The information reproducing 

d!™ 3 . 8 mem0,y 8 ° nn9 th8 f ° Ur t3b,eS Sh ° Wn in POrti0n < b > of F, '9 ure 2 - an ° switches the table to be used for 
tr^T le - process,n 9 ,' n """dance with the scramble information. Thus, it is possible to correctly execute the de- 
scramble-processing with respect to the user data. 

522, rl^Tn 3 Sh ° wsan ° ther data suture of the disk according to the present invention. An initial value table is 
t o^Z^T h ad "' n '" n the diSk ShOWn in Fi9Ure 3 ' The user data w "ich is subjected to scramble! 
= ,h 9 fa °. m nUmber SeqUenCe 9 enerated bv usin 9 the initial value table is recorded in the data recording 

area ,n the disk. Herein. ,t ,s assumed that other parameters which the scramble-processing method shown in Figure 
3 has are uniquely determined in advance. snown in ngure 

EL?h! ^ 0 T ati ,° n ?Z° d> ^ 9 d6Vi0e feadS thS initial Va,ue tab,e recorded in ^ lead-in area in the disk, and 
Va ^ b,e : J? ereafter ' the informatto n reproducing device sets a descramble-processing p oce- 
nr™ „ f ™ h ° ' nitla ' Va,US table ' and descrarn t"ss the user data in accordance with the descramble- 

P «««f 9 procedure - ^"s- " is Possible to correctly reproduce the scrambled user data 

h?™^ 6 "™ 6, ^ ° an reproduced °V an information reproducing device which only has a specific 
descramble-processing procedure, only in the case where the initial value table of the disk is matched with that of the 
informal™ reproducing device. It is impossible to correctly reproduce in other cases than that 
™ J!!!!!" b0di r n,deSC K bed ab ° Ve " aS dem onstrated a method of changing the initial value table of the random 
numbe sequence in the scramble-processing method shown in Figure 9. However, the scramble-processing method 
shown in F| 9 ure 9 is not necessarily used, and a totally different scramble-processing method can be used. Furthermore 
n the scramble-processing method shown in Figure 9. a variety of parameters which can be changed exist, other Z 
Ta ZVr nL U n t h ^ ,0 86,601 " Strin9 for reference to the initial value teb,e ^ a structure of a shift 

pT^; 8 ^^^ 

tit 8 ™i b , ed ab ° V6> aCCOrding to the information recording medium of the present invention, it is possible to 
change the scramble-processing method depending on the use and whether or not copying is permitted As a resutt 

cLTbeXenSr ^ rePr ° dUCti ° n * " indU8trial "* by 6 C ° nSUmer d ' Sk reprodu <^ device > a " d ^ copyirtg 
(Second Embodiment) 

[0039] Figure 4 shows a structure of an information reproducing device according to the present invention The 

SSUSi d e s P k°3 Cm9 d6ViCe inC ' Ud6S 8 ^ COmpUter 1 and a disk reproduci "9 davica ^ for reproducing dataTe* 

[0040] The host computer 1 includes an interface section (l/F section) 4, an AV decoder 6 for decoding video infor- 

Sr^nto H aV6 3 T- m f' Ch ,h6 Vid6 ° inf ° rmati0n ^ displa y ed " a video 8 f°r supply'g the vSeo 
nformatiort to a d.splay dev,ce 7. a CPU 10 and an internal memory 11 such as a DRAM (Dynamic Random Access 

of the°S e T o h K V,d H 6 ° a b0ard *■ *• h PU 10 3nd th6 intemal memory 11 are interconnected via a data bus 7^ 
of the video board 8 ,s connected to the display device (output device) 7. A hard disk drive 12 is connected to the 
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• 

interface section 4. 

[0041 ] A disk reproducing device 2 includes an interface section 5; a data reproduction section 13 including a mech- 
anism for reading data from a disk 3, a signal processing circuit, a controller and the like; and a microprocessor 14 for 
controlling the disk reproducing device 2. 

5 [0042] The host computer 1 and the disk reproducing device 2 are connected via the interface sections 4 and 5. For 
example, the interface sections 4 and 5 can be connected by an existing interface such as an SCSI (Small Computer 
System Interface), an ATAPI (At Attachment Packet Interface) or the like, or a specially defined interface for its own. 
[0043] The disk reproducing device 2 reads scramble information recorded in the lead-in area in the disk 3 at the 
time of reset of the disk reproducing device 2 and at the time of replacement of the disk 3, interprets the scramble 

10 information and sets a descramble-processing procedure in accordance with the scramble information in the data 
reproduction section 13. 

[0044] In order to display the user data recorded in the data recording area in the disk 3 in the output device 7, the 
host computer 1 issues a reproduction only command (hereinafter, referred to as a PLAY AV command) to the disk 
reproducing device 2 via interface sections 4 and 5. In response to the PLAY AV command, the disk reproducing device 
is 2 transmits the user data which is subjected to the descramble-processing in accordance with the scramble information 
to the host computer 1 . 

[0045] The interface section 4 of the host computer 1 does not transmit the user data received from the disk repro- 
ducing device 2 by using the PLAY AV command to the data bus 9, but only transmits to the AV decoder 6. Therefore, 
it is impossible to record the user data obtained by using the PLAY AV command in a rewritable medium such as the 

20 hard disk drive 12 connected to the host computer 1 . 

[0046] The host computer 1 issues a data readout command (hereinafter, referred to as READ command) in the 
case where it is necessary to record the user data recorded in the data recording area in the disk 3 to the hard disk 
drive 12 and the internal memory 11. In response to the READ command, the disk reproducing device 2 determines 
whether or not copying of the disk 3 is permitted, based on previously retained scramble information. The disk repro- 

25 ducing device 2 behaves differently depending on whether or not the scramble system specified by the scramble 
information is a type whose copying is permitted. 

[0047] In the case where the disk reproducing device 2 determines that copying of the disk 3 is permitted, correct 
user data which has been subjected to the descramble-processing in accordance with the scramble information read 
from the lead-in area in the disk 3, at the time of the start-up operation of the disk reproducing device 2, is transmitted 

30 to the host computer 1 . On the other hand, in the case where the disk reproducing device 2 determines that the copying 
of the disk 3 is prohibited, erroneous user data which has been subjected to descramble-processing inconsistent with 
the scramble information is transmitted to the host computer 1 . Alternatively, it is possible to prevent the disk reproducing 
device 2 from transmitting back correct data to the host computer 1 by conducting an error processing or the like. Thus, 
illegal copying can be prevented. 

35 [0048] There are a variety of methods for obtaining information whether or not copying of the disk 3 is permitted 
(hereinafter, referred to as copy permission information). For example, in the case where the copy permission infor- 
mation is recorded in a predetermined area in the disk 3, the disk reproducing device 2 can read the copy permission 
information from the predetermined area in the disk 3. Alternatively, in the case where the scramble-processing system 
is limited, depending on the copy permission information, the copy permission information can be specified by the read 

40 scramble information. 

[0049] Alternatively, the copy permission information can be represented by a part of the scramble information. For 
example, in the case where the scramble information consists of a plurality of bits, it is possible to allow one bit of the 
plurality of bits to represent the copy permission information. Thus, the scramble information can be used in order to 
definitively differentiate the scramble system for data which is permitted to be copied from the scramble system for 
45 data which is prohibited from being copied. Therefore, by reading the scramble information from the disk 3, it is possible 
to determine whether or not copying is permitted. In the following description, copy permission information is repre- 
sented by a part of the scramble information. 

[0050] Figure 5 shows another structure of an information reproducing device according to the present invention. In 
the information reproducing device in Figure 5, the AV decoder 6 and the interface section 4 which are independent 
50 from each other in the host computer 1 in Figure 4 are integrated. The structure of other components is the same as 
that of the information reproducing device in Figure 4. 

[0051] When a PLAY AV command is issued from the host computer 1 , the user data having been subjected to the 
descramble-processing in accordance with the scramble information is transmitted from the disk reproducing device 
2 to the host computer 1 . The user data is AV-decoded by the AV decoder 6, and then directly input to the video board 
55 8. Other operations are the same as those in the information reproducing device in the embodiment described with 
reference to Figure 4. 

[0052] Figure 6 shows another structure of the information reproducing device according to the present invention. 
The information reproducing device in Figure 6 includes an interface section 4b integrated with an AV decoder 6 and 
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an interface section 4a which is independent of the interface section 4b. The structure of other components is the same 
as that of the information reproducing device in Figure 5. 

[0053] A PLAY AV command is only issued from the interface section 4b in the AV decoder 6. On the other hand, a 
READ command is issued from the interface section 4a independent of the interface section 4b. Since the other op- 
erations are the same as those in the information reproducing device in the embodiment described with reference to 
Figure 4, the explanation will be omitted. 

[0054] Figure 7 shows another structure of the information reproducing device according to the present invention. 
In the information reproducing device in Figure 7, an AV decoder 6 for converting the form of data to a form in which 
the data can be displayed is incorporated into the disk reproducing device 2. Therefore, it is not necessary to connect 
the disk reproducing device 2 to the host computer 1. 

[0055] Hereinafter, the operation of the information reproducing device of this structure will be described. In the disk 
reproducing device 2 in Figure 7, a microprocessor 14 reads scramble information from the disk shown in Figure 1, 
interprets the scramble information and performs descramble-processing to the user data in accordance with the scram- 
ble information. The user data having been subjected the descramble-processing is supplied to the AV decoder 6. The 
user data is AV-decoded by the AV decoder 6, and outputs to the output device 7. Thus, it is possible to reproduce the 
user data recorded in the disk 3. 

[0056] However, in the case where scramble information, which is not preferable to be reproduced by the disk re- 
producing device 2, is recorded on the disk 3, it is possible for the disk reproducing device 2 not to perform correct 
reproduction. For example, it is assumed that the disk 3 is an industrial disk for use in Karaoke. In this case, in the 
case where the disk 3 is mounted on a consumer disk reproducing device, it is possible to prevent the consumer disk 
reproducing device from performing reproduction of the data recorded in the disk 3. This is because the consumer disk 
reproducing device can determine from the scramble information recorded in the disk 3 whether or not the scramble- 
processing method is used for the consumer disk. Thus, by restricting the scramble-processing method which can be 
used, depending on the use of the disk 3, it is possible for the disk reproducing device 2 to determine whether or not 
the data recorded in the disk 3 should be reproduced, based on the scramble information. 

[0057] Furthermore, for a disk reproducing device which can perform only a specific descramble-processing, by 
producing a disk where data is scrambled by a scramble method not corresponding to the descramble-processing is 
recorded, it is possible to prevent the disk reproducing device from reproducing data recorded in the disk. 
[0058] Figure 8 shows a structure of an information reproducing device according to the present invention. The 
information reproducing device includes a host computer 1 and a disk reproducing device 11. The host computer 1 is 
not shown in Figure 8. The structure of the host computer 1 is the same as those of the host computers 1 in Figures 4 to 6. 
[0059] The disk reproducing device 11 includes an interface section (IF section) 5, a data reproduction section 13 
for reading data recorded in the disk 3, a microprocessor 14 for controlling the disk reproducing device 1 1 , a descramble 
circuit section 15, a demodulation and error correction section 16, a ROM (Read Only Memory) 17 for storing a program 
which is to be executed by the microprocessor 14 or the like, and a data processing RAM (Random Access Memory) 
20. The interface section 5, the data reproduction section 13. the microprocessor 14, the descramble circuit section 
1 5, the demodulation and error correction section 1 6 and the data processing RAM 20 are interconnected via an internal 
data bus 19. The descramble circuit section 15 includes an initial value table storing memory 18. 
[0060] The microprocessor 1 4 reads the scramble information from the disk 3 at the time of introduction of the power 
or the replacement of the disk 3, and interprets the scramble information. 

[0061] In the case where the disk 3 has the data structure shown in Figure 2, the microprocessor 14 selects one 
initial value table from a plurality of initial value tables previously stored in the ROM 17 in accordance with the content 
of the scramble information. The microprocessor 14 allows a selected initial value table to be stored in the initial value 
table storing memory 18 in the descramble circuit section 15. The initial value table storing memory 18 can be, for 
example, a RAM. Alternatively, in the case where the initial value table storing memory 1 8 is a ROM, a plurality of initial 
value tables can be previously stored in the ROM. 

[0062] When the host computer 1 issues a PLAY AV command, the PLAY AV command is input to the microprocessor 
14 via the interface section 5 in the disk reproducing device 2. In response to the PLAY AV command, the microproc- 
essor 1 4 instructs the descramble circuit section 1 5 so as to perform descramble-processing with respect to the scram- 
bled user data. The descramble circuit section 15 performs the descramble-processing in accordance with the initial 
value table stored in the initial value table storing memory 18. The data having been subjected to the descramble- 
processing is transmitted to the host computer 1 via the interface section 5. Thus, the data recorded in the disk 3 can 
be reproduced. 

[0063] On the other hand, when the host computer 1 issues a READ command, the READ command is input to the 
microprocessor 14 via the interface section 5 in the disk reproducing device 11. At this time, the microprocessor 14 
determines from the scramble information previously read from the disk 3 whether or not copying is permitted in the 
scramble system. In the case where the microprocessor determines that copying is prohibited, an initial value table 
different from the initial value table corresponding to the scramble information is set in the descramble circuit section 
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15. Alternatively, the microprocessor 14 can transmit back an error to the host computer 1 without setting the initial 
value table in the descramble circuit section 15. Thus, it is possible to prevent data recorded in the disk 3 from being 
reproduced. 

[0064] Furthermore, in the case where the microprocessor 14 determines from the scramble information that copying 
is permitted and in the case where the disk 3 has the data structure shown in Figure 3, the microprocessor 14 reads 
an initial value table from the lead-in area in the disk 3, and allows the initial value table to be stored in the initial value 
table storing memory 18 in the descramble circuit section 15. The initial value table storing memory 18 is rewritable 
memory (e.g., an RAM). The description of other processings is omitted because they are the same as those in the 
case where the disk 3 has the data structure shown in Figure 2. 

[0065] As described above, according to the information reproducing device of the present invention, it is possible 
to change the descramble-processing method depending on the scramble information recorded in the information 
recording medium. Thus, it is possible to correctly reproduce data scrambled by a plurality of kinds of different scramble- 
processing methods. 

[0066] Furthermore, according to the information reproducing device of the present invention, it is possible to deter- 
mine whether or not to reproduce the data recorded in the information recording medium depending on the scramble 
information recorded in the information recording medium. As a result, illegal copying can be prevented, and thus the 
copyright of the data recorded in the information recording medium can be protected. 

(Third Embodiment) 

[0067] Portion (a) of Figure 10 shows a data structure of an information recording medium according to the present 
invention. The information recording area where some data is recorded on the information recording medium includes 
a lead-in area, a data recording area and a lead-out area. In the lead-in area, information necessary for the information 
reproducing device to reproduce the information recording medium is recorded. In the data recording area, primarily, 
data such as program data useful for the user and AV data is recorded. 

[0068] Portion (b) of Figure 1 0 shows a data structure of a control data area recorded in the lead-in area. The control 
data area includes a physical information sector and a scramble information sector. In the physical information sector, 
physical data of the disk such as a disk diameter, a disk structure, a recording density or the like are recorded. In the 
scramble information sector, information on a scramble system which has been used on the data recorded in the data 
recording area of the information recording medium or the like is recorded. The scramble information sector is referred 
to in order for the information reproducing device to perform descramble-processing. The scramble information sector 
will be described in detail with reference to the accompanying drawings later. 

[0069] Portion (c) of Figure 10 shows a data structure of a volume-file management area. In this embodiment, the 
data structure of the volume-file management area is compliant with International Standard Organization (ISO) 9660. 
The ISO 9660 is adopted in CD-ROM (Compact Disk-Read Only memory). 

[0070] The volume-file management area includes a volume descriptor, a path table and a directory record. 
[0071] In the volume descriptor, the size of the volume space and information on recording location of the path table, 
information on recording location of the directory record, information on disk production date or the like are recorded. 
In the path table, a table which allows paths of all directories existing on the information recording medium to correspond 
to the recording location information is recorded. In the directory record, information on an identifier of each director 
or file (generally a directory title or a file title), information on recording location of data, the size of the file, properties 
or the like are recorded. 

[0072] Portion (d) of Figure 10 shows a further detailed data structure of the directory record. In a directory record 
for a root directory, a property and an identifier of the root directory, a production date or the like are recorded. Fur- 
thermore, in the directory record for the root directory (first sector), information on recording location of the directory 
is recorded. In the directory record for the root directory (second sector), similar information is recorded. In addition, 
in a directory record for file A, information on recording location of data of file A, a data length, information on the 
identifier for the file, a copyright managing identifier or the like are recorded. Thus, the plurality of directories form a 
hierarchy. The root directory is a directory located on the top of the hierarchy. This will de described in detail with 
reference to the accompanying drawings later. 

[0073] In the data recording area, a file which is scrambled and a file which is not scrambled are recorded. For 
example, scrambled files A and C are scrambled files, and non-scrambled file B is a file which is not scrambled. It is 
preferable that a file storing AV data whose copyright should be protected is a scrambled file. 
[0074] Portion (e) of Figure 10 shows a data structure of the scrambled file A. The file A is partitioned into a plurality 
of continuous sectors starting from a sector n. Data stored in each of the plurality of sectors is subjected to scramble- 
processing. Hereinafter, in this specification, the sector storing data having been subjected to the scramble-processing 
is referred to as "a scrambled sector". 

[0075] Portion (f) of Figure 10 shows a data structure of the non-scrambled file B. The file B is partitioned into a 
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plurality of continuous sectors starting from a sector m. Data stored in each of the plurality of sectors is not subjected 
to the scramble-processing. Hereinafter, in this specification, the sector storing data not subjected to the scramble- 
processing is referred to as "a non-scrambled sector". 

[0076] Portions (a) to (c) of Figure 11 show a data structure of the directory record in the volume-file management 
5 area. The directory record includes a directory record length, file recording location information, a file data length, a 
file identifier and copyright managing information. 

[0077] The directory record length is information showing the size of the directory record of the file (or directory). 
The file recording location information is information showing a location from which the sector having data of the file 
recorded (hereinafter, referred to as an extent) starts. The file data length is information showing the number of sectors 
10 constituting the file. The file identifier is identification information for identifying the file (file title). The copyright managing 
information is information regarding the copyright management of the file. 

[0078] The copyright managing Information includes a scramble flag field and a scramble system field. In the scramble 
flag field is recorded a flag for indicating whether or not data in the file has been subjected to the scramble-processing. 
In the case where data in the file has been subjected to the scramble-processing, a flag having value 1 is recorded in 

15 the scramble flag field. In the case where data in the file has not been subjected to the scramble-processing, a flag 
having value 0 is recorded in the scramble flag field. Therefore, by referring to the scramble flag field, it can be deter- 
mined whether or not the data in the file has been subjected to the scramble-processing. In the scramble system field 
is recorded an identifier for indicating a system of the scramble-processing which has been performed to the data in 
the file. Therefore, by referring to the scramble system field, the scramble-processing which has been performed to 

20 the data can be determined in a unit of file. 

[0079] Hereinafter, referring to portions (d) to (f) of Figure 11, an exemplary scramble system will be described. A 
scramble system identifier corresponding to this scramble system is set as 1 . 

[0080] Portion (d) of Figure 11 shows a data structure of a scramble information sector recorded in a control data 
area in a lead-in area. The scramble information sector includes a sector header field and a main data field. 

25 [0081] The sector header field of the scramble information sector includes an address field where an identifier for 
the information reproducing device to identify the sector is recorded, a scramble system field where information for 
specifying the scramble system performed to the information recording area (as described above, the scramble system 
of this example is set as 1) is recorded, and a mutual authentication key field where a mutual authentication key for 
use in authentication processing for determining whether or not the information reproducing device should supply data 

30 subjected to copyright protection to an apparatus requiring transfer of reproduction data (hereinafter, referred to as 
mutual authentication processing). The mutual authentication processing will be described in detail later. 
[0082] In the main data field of the scramble information sector is recorded a table for determining a random number 
sequence to be used at the time of scramble-processing from a key for scrambling. Therefore, it is not until the infor- 
mation reproducing device uses the table recorded in the scramble information sector and the key for the scrambling 

35 that descramble-processing can be performed. Hereinafter, the initial value for determining the random number se- 
quence is referred to as preset data. 

[0083] Portion (e) of Figure 1 1 shows a data structure of a scrambled sector in the data recording area. The sector 
header field in the scrambled sector includes an address field, a scramble flag field where a flag for identifying whether 
or not the scramble-processing has been performed to the main data field in the sector, a seed key field where the key 

40 used at the time of scrambling (hereinafter, referred to as a seed key) is recorded, and a use identifying information 
field where information for identifying use of the file is recorded. In the scramble flag field is recorded value 1 indicating 
that scramble-processing has been performed. In the seed key field Is recorded a key to be used for descramble- 
processing for the main data field. Furthermore, in the use identifying information field is recorded information on the 
use of the recorded data such as industrial use or consumer use, and is recorded information indicating a reproduction 

45 restriction in the case where the use of the information reproducing device is different from the use identifying infor- 
mation. Furthermore, in the main data field is recorded data having been subjected to the scramble-processing deter- 
mined by a scramble system specified by the scramble information sector in the lead-in area and the seed key in the 
sector header field in the scrambled sector. More specifically, a preset data is determined based on the value recorded 
in the seed key field and referring to the table in the scramble information sector. Then, by using the random number 

so sequence determined by the preset data, scramble/descramble-processing is possible. In the following description, 
the seed key is the same for every file. 

[0084] On the other hand, the sector header in the non-scrambled sector includes an address field and a scramble 
flag field. In the scramble flag field is recorded a value 0 Indicating that the scramble-processing has not been performed 
to the main data field in the sector. Therefore, the information reproducing device can easily recognize that it is unnec- 
55 essary to perform descramble-processing by detecting the value 0 in the scramble flag field. 
[0085] Next, referring to Figure 12, an exemplary scramble system will be described. 

[0086] Portion (a) of Figure 12 shows that, by performing a logical operation of data sequence Dj (j is an integer from 
0 to 2047) of 8 bits and a random number sequence Sj of 8 bits generated based on a certain initial value, scrambled 
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data SDj is obtained. More specifically, a preset data of 1 5 bits determined by the scramble information sector recorded 
in the lead-in area and the seed key in the sector header field in each sector is set in a shift register 301, and an 
exclusive OR of the most significant bits r 14 and r 10 is put to the bit 0 while shifting to the direction of most significant 
bits. Thus, the random number sequence Sj is generated. Herein, the bit in the bit location r 0 is input to a logical 

5 operation block 302 for every one bit shift, and a value of 8 bits input to the logical operation block 302 for eight shifts 
is set as Sj. By the logical operation (e.g., exclusive OR or the like) of Sj obtained in this manner and recorded data of 
8 bits, data SDj after scrambling is obtained. When the size of the main data in one sector is 2048 bytes, scramble- 
processing in one sector can be performed by repeating the aforementioned procedure 2048 times from SD 0 to SD2047- 
[0087] Furthermore, portions (b) and (c) of Figure 12 show conversion from the scramble information sector to a 

10 table for determining preset data. In the scramble information sector shown in portion (b) of Figure 12. four entries of 
the table are recorded, and each entry consists of a set of a seed key and preset data. These sets are tabled to obtain 
the table shown in portion (c) of Figure 12. For example, when the seed key recorded in the sector header is 01b (b 
means binary number), 0077h (h means hexadecimal number) as preset data is set in the shift register 301 in portion 
(a) of Figure 12 as the initial value, and the aforementioned shift operation and the logical operation are performed. 

is Thus, scramble/descramble-processing becomes possible. 

[0088] As described above, the information recording medium in this embodiment enables scrambling in a file unit. 
The information recording medium in this embodiment has information whether or not scrambling has been performed 
as copyright managing information in the file management area and in the scramble flag field in the sector header in 
a unit of sector. This enables a device such as a personal computer which only recognizes main data to recognize 

20 whether or not scramble-processing has been performed, and enables a device such as an optical disk drive which 
cannot recognize main data to recognize whether or not scramble-processing has been performed. Therefore, in the 
case where data is to be reproduced by the optical disk drive connected to the personal computer, it is possible for 
both of the former and the latter to determine whether or not the copyright of the data should be protected. 
[0089] Furthermore, since in the information recording medium of this embodiment, different scramble-processing 

25 for every file can be performed by changing the seed key, even if a scramble method for one scrambled file is decrypted 
by an illegal act, another scrambled file can be prevented from being descrambled by the decrypted scramble system. 
Thus, it is possible to enhance security in processing for copyright protection. 

[0090] Furthermore, in the case where the information recording medium of this embodiment is used for the purpose 
of copyright protection, the scramble information sector where scramble information indispensable to descrambling is 
30 recorded exists in the lead-in area which cannot be read by an apparatus such as a personal computer. For this reason, 
the act of illegally reading the scramble information can advantageously be prevented. Furthermore, since the lead-in 
area is reproducible by the same reproducing means as the data recording area, there is no need for providing a special 
reproducing means. 

[0091] Furthermore, since information recorded in a unit of sector such as seed key, scramble flag, use identifying 
35 information or the like are recorded in the sector header field which cannot be read by an apparatus such as a personal 
computer, as in the case of recording the scramble information in the lead-in area described above, the act of illegally 
reading the information can advantageously be prevented. 

[0092] Furthermore, since the use identifying information is recorded in the sector header field, it is possible to de- 
termine depending on the content of the recorded data whether the reproducing device should perform reproduction 
40 or prohibit reproduction. Therefore, for example, by recording different identifiers between an industrial disk and a 
consumer disk in this area, the industrial disk can be prevented from being reproduced by a consumer reproducing 
device. 

[0093] Furthermore, by recording a mutual authentication key for use in mutual authentication processing, the re- 
producing device can change data received and transmitted at the mutual authentication operation for every mutual 
45 authentication key. Thus, the processing method for the mutual authentication processing can be advantageously 
prevented from being illegally decrypted. Therefore, it is possible to prevent the act of illegally copying to a magnetic 
disk drive or the like. 

[0094] In this embodiment, the volume-file structure is based on ISO9660. which is the international standard, but it 
is not limited thereto, and another volume-file structure can be used, as long as the volume-file structure-has the 
50 information described above. 

[0095] In this embodiment, the scramble system uses the logical operation of random numbers and data, but it is 
not limited thereto, and another scramble system can be used, as long as the scramble system has a table and a seed 
key for referring to the table. 

[0096] In this embodiment, a table for determining preset data is recorded in the lead-in area, but it is not limited 
55 thereto, and another parameter can be used, as long as the parameter can determine the table. An identifier for spec- 
ifying one table among a plurality of previously known tables can be recorded. 

[0097] In this embodiment, an information recording area for identifying the use as the use identifying information 
field is provided in the sector header field in the scrambled sector. However, it is not necessary that the filed is definitely 
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isolated, but the use can be classified by a value of the seed key. 

TnltL ,n ^ S Gmbod i™ nt ' in the scrambled sector, all 2048 bytes in the main data field are subjected to the scramble- 
nprf^ln i sc [f mb,e -P rocessin 9 ^ not necessarily performed to the entire main data field, but can be 

performed to a predetermined part of the field. 

(Fourth Embodiment) 

ZZSJ? Thl H^r,' d ? Stn il Ure ?' ,he information recordi "9 me dium ^cording to the present invention will be 
f21 1 * ? '"formation recording medium is the same as the information recording medium 
SZZ T ? w ° n,y the d ' fferent P ° intS fr0m *« data s,ructure shown in F '9"^ 10 will be described 
;npr!L!~ Ti a> <C) k 9Ure 13 Sh ° W 3 da,a S,mCture of a directorv record recorded volume-file man- 

a vT a ^nnL« SCram k 6 SyStem fi6,d in the COpy "' 9ht mana9ing informati °" of ,he diractof y -^cord is recorded 
a value 2 indicating a scramble system which will be described in this embodiment 

[0101] Portion (e) of Figure 13 shows a data structure of the scrambled sector. The sector header field in the scram- 
Z \ aMKSS fie,d ' 3 SCrambte fla9 fie ' d ' 3 media CGMS < C0 W Ge ™ a «on ^nagemem System) 
main Jfeld ^ **' *" ^ key fieW a " d an anc *>P ted use ^ntifyingSor- 

!" !!! e scramble fla 9 fie,d is ^corded a value 1 indicating that the scramble-processing has been performed 
0103] In the media CGMS data fle.d is recorded copy permission information of the informaLn recorlg Sum 

whem S3 K s °£ '? a ' ° GMS wf fiCld iS reC ° rded C ° Py perm,SSi0n lnformatio " of ™ s « "W- d «a the cZ 
where data of th.s sector is copied from another medium. Herein, the media CGMS data represents copy permission 
.nformation of the data of the information recording medium. The media CGMS data is updated at The t°me o™ conv 
SSLT 3 ' CGM ? data . re P resents «W Permission information a, the time of disk produc. on I nceT 
^cS^ 



Table 1 



|| Media CGMS data/Original CGMS data 


Content 


00b 


Copying permitted 


01b 


Unused 


10b 


One copying permitted 


11b 


Copying prohibited 



hTJSS JTV: , eXamP ' e ' Whe " me media CGMS da,a is 11b and ori 9ina' CGMS data is 10b it 

CGMS h1 h T^HL ata Se ° t0r iS 0n ' 9inally in tne state where on| y ° ne °°Py * Permitted (media 
CGMS data and ongmal CGMS data are both 01b). and the media CGMS data is changed to 11 b which means coovina 

KIP -"*"•« L° ne °° py oparatio "- He ™ aftar - the media Cg'ms data and he T££S£m 
data in combination are referred to as CGMS control information 

mai 0 n 5 dati n fi t eld. enCryPted ^ *" * * ^ f ° f descramb,ind 016 scramble-processing performed to the 

S?l 0 fLr!n, th H "!! ident Wng information field is recorded identification information for specifying the use 

f£d J T f 3 fieW ' enCryP,ed ,iUe kSy fie ' d and the encrypted uses 'rienfification inCation 
fie d are all subjected to encryptmg processing, and information cannot be read simply by reading the sector header 

eallS ^ ^ been ancf yP ted usi "3 a " encrypted disk key recorded in the sector header fie d in the 
lead-in area of the .nformation recording medium. Therefore, in order to decrypt the encrypted information in the scram! 
ble information sector header field, the encrypted disk key is required. inrormauon in tne scram- 

[0107] Portion (d) of Figure 13 shows a data structure of the scramble information sector. In the followina descriotion 

'Z'lZw^ T^TjrTf da !T and da ! a ^ 004,6 is decrypted - the encrypted da * 1 " 

with encrypted . and the data whose code is decrypted is denominated with "decrypted". For example data obtained 

™ e scramble information sector is recorded in the control data area in the lead-in area 
ivltel Jlh^ a » SeCt °? eader 1 . fi 1 eld ,he SCran "" e informa «°n sector is recorded a value 2 indicating that the scramble 
autnenti^ IS TV Furthermore - in tha authentication key field is recorded an mutual 

authentication key for use in mutual authentication processing for determining whether or not data after descramb ing 
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is to be supplied. This mutual authentication key will be described in detail later in an embodiment of an information 
reproducing device. 

„ [0110] In the main data Meld in the scramble information sector is recorded an encrypted original CGMS data, an 
encrypted title key, and an encrypted disk key for decrypting an encrypted use identifying information of the scrambled 

5 sector. The encrypted disk key is further encrypted, and the key for decrypting the encrypted disk key (hereinafter, 
referred to as a master key) is provided by the information reproducing device. 

[0111] In the main data field in the scramble information sector is recorded a plurality of encrypted disk keys such 
as encrypted disk key 1 . encrypted disk key 2, — . The encrypted disk key is encrypted by a corresponding master key 
in such a manner that the encrypted disk key 1. the encrypted disk key 2, — are encrypted by the master key 1, the 

10 master key 2, — , respectively. Herein, the encrypted disk key 1 , the encrypted disk key 2, — are obtained by encrypting 
the same disk key information by different mater keys. Therefore, in the case where an information reproducing device 
A internally includes the master key 1 and another information reproducing device B internally includes the master key 
2, the information reproducing device A decrypts the encrypted disk key 1 and the information reproducing device B 
decrypts the encrypted disk key 2, thus obtaining a decrypted disk key having the same content. 

is [0112] Portion (f) of Figure 13 shows a data structure of the non-scrambled sector. In the scrambled sector flag field 
is recorded a value 0. The data recorded in the main data field is not subjected to scramble-processing. This indicates 
that the same data access as a conventional information recording disk is possible. 

[0113] As described above, in the information recording medium in this embodiment, data reproduction is possible 
by exactly the same access as the conventional device for reproduction of the non-scrambled sector. On the other 

20 hand, in order to perform reproduction of the scrambled sector, the information reproducing device having the master 
key reads the scramble information sector in the lead-in area and decrypts the encrypted disk key by the master key, 
and further decrypts the encrypted title key of the sector header in the scrambled sector using the decrypted disk key, 
and performs descramble-processing of the scrambled data using the decrypted title key. Thus, data can be reproduced. 
[0114] Hereinafter, the case where the scramble system described in the third embodiment is used as an example 

25 of the scramble system will be described. In the third embodiment, preset data is generated by using a conversion 
table. In the information recording medium in this embodiment, when an initial value for random number generation is 
encrypted and recorded in the encrypted title key field, scramble-processing of data can be easily performed by using 
the shift register 301 and the logical operation block 302 in portion (a) of Figure 12. More specifically, the decrypted 
title key is used as an initial value of the shift register 302, and the shift is repeated so that a random number sequence 

30 Sj is generated. Then, the logical operation of the random number sequence Sj and the data sequence Dj is performed, 
so that scramble-processing can be performed. Furthermore, descrambling of data can also be performed by using 
the shift register 301 in portion (a) of Figure 12. 

[0115] As described above, the information recording medium in this embodiment enables scrambling in a file unit. 
In addition, the information recording medium in this embodiment has information whether or not scrambling is per- 

35 formed as copyright managing information in the file management area and in the scramble flag field in the sector 
header in a unit of sector. This enables a device such as a personal computer which only recognizes main data to 
recognize whether or not scramble-processing is performed, and enables a device such as an optical disk drive which 
cannot recognize main data to recognize whether or not scramble-processing is performed. Therefore, in the case 
where data is to be reproduced by the optical disk drive connected to the personal computer, both of the former and 

40 the latter can determine whether or not the copyright of the data should be protected. 

[0116] Furthermore, since in the information recording medium of this embodiment, different scramble-processing 
for every file can be performed by changing the title key. even if a scramble method for one scrambled file is decrypted 
by an illegal act, another scrambled file can be prevented from being descrambled by the decrypted scramble system. 
Thus, it is possible to enhance security in processing for copyright protection. 

45 [01 17] Furthermore, in the case where the information recording medium of this embodiment is used for the purpose 
of copyright protection, the scramble information sector where scramble information indispensable to descrambling is 
recorded exists in the lead-in area which cannot be read by an apparatus such as a personal computer. For this reason, 
the act of illegally reading the scramble information can advantageously be prevented. Furthermore, since the lead-in 
area is reproducible by the same reproducing means as the data recording area, there is no need for providing a special 

so reproducing means. 

[0118] Furthermore, since the scramble flag, the CGMS control information, the encrypted title key and the encrypted 
use identifying information, which are recorded in a unit of sector, are recorded in the sector header field which cannot 
be read by an apparatus such as a personal computer, as in the case of recording the scramble information in the lead- 
in area described above, the act of illegally reading the information can advantageously be prevented. 
55 [0119] Furthermore, since the use identifying information is recorded in the sector header field, it is possible to de- 
termine depending on the content of the recorded data whether the reproducing device should perform reproduction 
or prohibit reproduction. Therefore, for example, by recording different identifiers between an industrial disk and a 
consumer disk in this area, the industrial disk can be prevented from being reproduced by a consumer reproducing 



13 



EP 0 802 535 B1 



device. 

[0120] Furthermore, by recording a mutual authentication key for use in mutual authentication processing, the re- 
producing device can change data received and transmitted at the mutual authentication operation for every mutual 
authentication key. Thus, the processing method for the mutual authentication processing can be advantageously 
prevented from being illegally decrypted. Therefore, it is possible to prevent the act of illegally copying to a magnetic 
disk drive or the like. 

[0121] Furthermore, in the information recording medium in this embodiment, a hierarchical encrypting/scramble- 
processing is performed in such a manner that the main data in the scrambled sector is encrypted by the title key, the 
title key is encrypted by the disk key, and the disk key is encrypted by the master key. For this reason, even if the main 
data in the scrambled sector is illegally copied, descrambling can be prevented, so that the illegal copying makes no 
sense. 

[0122] Furthermore, since the CGMS control information is recorded, even if a file is copied from the information 
recording medium in this embodiment to another rewritable medium, it is possible to determine whether copying was 
illegal or legal. 

[0123] In this embodiment, the scramble-processing is performed by the logical operation of data and the random 
number obtained by using the title key as the initial value. However, the scramble system is not limited thereto, but 
another scramble system can be used, as long as the system scrambles data in accordance with a specified key. 
[0124] In this embodiment, the volume-file structure is based on ISO9660, which is the international standard, but it 
is not limited thereto, and another volume-file structure can be used, as long as the copyright managing information 
equivalent to the content described in this embodiment can be recorded in the volume-file structure. 
[0125] In this embodiment, in the scrambled sector, all data in the sector is scrambled. However, the entire main 
data in the sector is not necessarily scrambled, but a part of the main data can be scrambled. 
[01 26] In this embodiment, in the scrambled file, all sectors constituting the file are subjected to the scramble-process- 
ing. However, a part of sector in the scrambled file can be subjected to the scramble-processing. 
[0127] In this embodiment, the CGMS control information uses three types, i.e., one copying permitted, copying 
prohibition, and copying permitted, but information on two copies permitted, three copies permitted or the like can be 
recorded by extending allocated bits. 

[0128] The scramble method of the main data described in this embodiment is only an example, and the scramble 
method is not limited thereto. Another method can be used, as long as scramble-processing is performed based on 
certain key information (title key in this embodiment). 

(Fifth Embodiment) 

[0129] Hereinafter, an information reproducing device for reproducing the information recording medium according 
to the present invention will be described with reference to the accompanying drawings. The information reproducing 
device is a device which can commonly reproduce the third and fourth embodiments of the information recording 
mediums, unless mentioned otherwise. Therefore, although an operation for reproducing the fourth embodiment of the 
information recording medium will be described below as an example, the third embodiment of the information recording 
medium can be processed in the same manner by substituting the seed key field for the encrypted title disk key, and 
substituting the preset data conversion table for the encrypted disk key of the scramble information sector. 
[0130] Figure 14 is a block diagram showing an information reproducing device 500 according to the present inven- 
tion. The information reproducing device 500 includes a main processor 501 , a bus interface circuit 503, a main memory 
504, a SCSI (Small Computer System Interface) control card 506 for controlling a protocol determined by an SCSI, an 
AV decoder card 507 for extending compressed digital AV data to convert into an analog AV data and output the analog 
AV data, an optical disk drive 509 for reproducing the information recording medium of the present invention and a 
hard disk drive 510. 

[0131] The main processor 501, the bus interface circuit 503 and the main memory 504 are interconnected via the 
processor bus 502. The bus interface circuit 503, the SCSI control card 506 and the AV decoder card 507 are inter- 
connected via a system bus 505. The SCSI control card 506, the optical disk drive 509 and the hard disk drive 510 are 
interconnected via a SCSI bus. 

[0132] Next, a reproduction operation of an AV file by the information reproducing device 500 will be described. 
[0133] When an optical disk is mounted on the optical disk drive 509, the main processor 501 reads a volume-file 
management area in the optical disk via the SCSI control card 506, and the main memory 504 stores the volume-file 
management area (hereinafter, data in the stored volume-file management area is referred to as file managing infor- 
mation). v 

[0134] The main processor 501 performs processing where the AV decoder card 507 and the optical disk drive 509 
determine therebetween whether or not the other component has a copyright protection function (hereinafter, referred 
to as mutual authentication processing). During this processing, in the case where either one of the two components 
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detects an error, the mutual authentication processing is regarded as having failed, and subsequent procedure is 
cancelled. On the other hand, in the case where the mutual authentication processing is normally ended, the optical 

9 disk drive 509 transmits the encrypted disk key of the mounted disk to the AV decoder card 507. At this time, the optical 
disk drive 509 further supplies an encrypted disk key obtained by encrypting based on a key generated during the 

5 mutual authentication processing (hereinafter, referred to as a bus key) at the time of outputting the encrypted disk 
key. The AV decoder card 507 internally retains the received encrypted disk key after decrypting it with the bus key. 
[0135] Thereafter, in the case where a file recorded in the optical disk is to be reproduced, the main processor 501 
refers to a scramble flag of copyright managing information in the file managing information previously stored in the 
main memory 504, and determines whether or not the file to be reproduced is a scrambled file. As a result of the 

10 determination, when it is determined that the file to be reproduced is an unscrambled file, the optical disk drive 509 
receives a reproduction instruction from the main processor 501 via the SCSI control card 506, and transfers non- 
scrambled data. On the other hand, if the main processor 501 determines based on the scramble flag of the file man- 
aging information that the file to be reproduced is a scrambled file, the mutual authentication processing between the 
optical disk drive 509 and the AV decoder card 507 is executed. 

15 [0136] When the main processor 501 detects an error during the mutual authentication processing, the processing 
is cancelled without performing reproduction processing. On the other hand, in the case where the mutual authentication 
processing is normally ended, the optical disk drive 509 transmits back the encrypted title key, prior to reproduction of 
data, and the encrypted title key is transferred to the AV decoder card 507 by the main processor 501. At this time, the 
optical disk drive 509 transfers the encrypted title key which is encrypted by the bus key previously retained. Further- 

20 more, the AV decoder card 507 internally stores the received encrypted title key after decrypting it by the bus key. 

[0137] Thereafter, the optical disk drive 509 supplies scrambled data read from the mounted disk, and the micro- 
processor 501 transfers the scrambled data to the AV decoder card 507. The AV decoder card 507 descrambles the 
scrambled data using the title key already stored therein, and converts it to analog AV data to output an analog signal 
from a video output and an audio output. As described above, the information reproducing device 500 can reproduce 

25 the information recording medium of the present invention. 

[0138] As for a copy operation of a scrambled file from the optical disk drive 509 to the hard disk drive 510, since 
the hard disk drive 510 cannot execute the mutual authentication processing, the mutual authentication is put to an 
error end. Therefore, the processing is cancelled before the optical disk drive 509 supplies data to the SCSI bus, and 
thus the copy operation is not executed. 

30 [0139] Furthermore, if a program for illegally copying a scrambled file read by the optical disk drive 509 to the hard 
disk drive 510 Is loaded to the main memory 504. the mutual authentication processing is normally ended in a certain 
form, and then the transferred scrambled data is copied in the hard disk drive 510, the scrambled data is copied in the 
hard disk drive 510. However, the mutual authentication processing between the hard disk drive 510 and the AV decoder 
card 507 is required once again, in order to reproduce data copied in the hard disk drive 510. In this case, since the 

35 hard disk drive 510 does not have means for generating a bus key, it is impossible that the scrambled file on the hard 
disk drive 510 is reproduced by the AV decoder card 507. 

[0140] Therefore, even if illegal copying is made, the copy operation can make no sense. As a result, a copyright 
protection mechanism can be realized. 

[0141] Hereinafter, further detailed structures and operations of the optical disk drive 509 and the AV decoder card 
40 507, which are components of the information reproducing device 500, will be described with reference to Figures 15 
and 16, respectively. 

[0142] Figure 15 is a block diagram showing the structure of the optical disk drive 509. The structure thereof will be 
described below. Reference numeral 600 denotes an SCSI control circuit. Reference numeral 601 denotes a decoder 
authentication circuit for performing a mutual authentication processing with an AV decoder. Reference numeral 602 

45 denotes a microcontroller for controlling the entire optical disk drive. Reference numeral 603 denotes a program ROM 
storing an operation program of the microcontroller. Reference numeral 604 denotes a control bus for transmitting 
control data. Reference numeral 605 denotes an ECC (Error Correction Code) processing memory used at the time 
of error correction processing for correction a readout error at the time of reproducing data. Reference numeral 606 
denotes a data reproducing circuit for reading data from the optical disk 607, digitalizing, demodulation, error correction 

so processing or the like. Reference numeral 607 denotes an information recording medium of the present invention and 
an optical disk having the data structure shown in the third embodiment and the fourth embodiment. 
[0143] Next, the operation of the optical disk drive 509 at the time of mutual authentication processing and at the 
time of reproducing data will be described. 

[0144] The optical disk drive 509 which received a mutual authentication request by the SCSI control circuit 600 
55 controls the decoder authentication circuit 601 so as to execute a predetermined mutual authentication processing. 
Since the protocol will be described in detail later, it is omitted here. In the protocol for the mutual authentication 
processing, in the case where the microcontroller 602 detects some error, the SCSI control circuit 600 reports an error 
and the mutual authentication processing and a subsequent key information transfer operation are cancelled. In the 
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information for executing descrambling. Therefore, an effect of protecting copyright of the file is provided. 

[0156] According to the information reproducing device of this embodiment, since the AV decoder card 507 internally 
, has the descramble circuit 705 for performing descrambte-processing depending on the key information, it is possible 

to descramble the scrambled data for reproduction. 
5 [0157] In this embodiment, an SCSI bus is used for the bus connected to the optical disk drive 509. However, the 

bus is not limited thereto, and a bus compliant with ATAPI (AT Attachment Packet Interface) or IEEE 1394 (Institute of 

Electrical and Electronics Engineers 1394) can be used, as long as reproduction data can be transferred in accordance 

with a predetermined protocol. 

[0158] In this embodiment, the function of the decoder authentication circuit 601 and the function of the drive au- 
10 thentication circuit 701 can be realized by a software executed by the microcontrollers 602 and 702. 

(Sixth Embodiment) 

[0159] Next, an information reproducing device 800 according to the present invention will be described. 

15 [0160] Figure 17 is a block diagram showing the structure of the information reproducing device 800 according to 
the present invention. The structure of the information reproducing device 800 is the same as that of the information 
reproducing device 500 shown in Figure 14. except that an SCSI control circuit for performing communication compliant 
with the SCSI system is incorporated into an AV decoder card 801. Therefore, the same components bears the same 
reference numerals, and the description thereof is omitted. 

20 [0161] Next, the operation of the information reproducing device 800 will be described. 

[0162] Since the SCSI control circuit incorporated AV decoder card 801 internally includes the SCSI control circuit, 
when a scrambled file reproduction request of the optical disk drive 509 is issued from the main processor 501, the 
mutual authentication processing between the SCSI control circuit incorporated AV decoder card 801 and the optical 
disk drive 509 is directly executed. More specifically, the SCSI control circuit incorporated AV decoder card 801 issues 

25 a command sequence for mutual authentication to the optical disk drive 509, the optical disk drive 509 responds to the 
command. In this manner, the mutual authentication processing is performed. 

[0163] Furthermore, likewise in an operation of reproducing data, it is the SCSI control circuit incorporated AV decoder 
card 801 that makes a reproduction request to the optical disk drive 509, not the main processor 501. Therefore, data 
read by the optical disk drive 509 is directly input to the SCSI control circuit incorporated AV decoder card 801 and 

30 converted to an analog AV signal and output. 

[0164] Figure 18 is a block diagram showing the structure the SCSI control circuit incorporated AV decoder card 
801 . Hereinafter, only different points from the structure of the AV decoder card 507 shown in Figure 1 6 will be described. 
[01 65] Reference numeral 900 denotes a SCSI control circuit for controlling reception and transmission of data with 
an SCSI bus. Reference numeral 901 denotes a program ROM where a program to be executed by the microcontroller 

35 is stored. 

[01 66] When a reproduction request for a scrambled file is input to the system interface circuit 700, the microcontroller 
702 controls the drive authentication circuit 701 and the SCSI control circuit 900 so as to execute the mutual authen- 
tication processing with the optical disk drive 509. At this time, in a mutual authentication protocol, a command is 
directly issued from the SCSI control circuit 900 to the optical disk drive 509. Furthermore, the microcontroller 702 

40 controls the drive authentication circuit 701 in accordance with the mutual authentication protocol so as to perform 
mutual authentication processing. In the case where the mutual authentication processing is ended by an error, the 
microcontroller 702 controls the system interface circuit 700 to report the error to the main processor 501 so that the 
processing is ended. On the other hand, in the case where the mutual authentication processing is normally ended, 
data of a scrambled file is directly received by the SCSI control circuit 900 from the optical disk drive 509, and data 

45 descrambled by the descramble circuit 705 is converted to an analog AV signal by the audio/video decoder circuit 706 
and output. By the procedure described above, as in the case of the information reproducing device of the fifth em- 
bodiment, AV data can be reproduced while preventing the copy operation which infringes copyright of data recorded 
in the information recording medium of the present invention. 

[0167] As described above, according to the information reproducing device 800 of this embodiment, in addition to 
50 the feature of the information reproducing device of the fifth embodiment, since the optical disk drive 509 and the SCSI 
control circuit incorporated AV decoder card 801 directly receive and transmit commands and data, security against 
illegal decrypting a mutual authentication system and key information, and the execution of an unjust copy operation 
can be enhanced. 

[01 68] Although the information recording medium to be reproduced has been described using the fourth embodiment 
55 of the information recording medium according to the present invention, the same processing is possible for the third 
embodiment of the information recording medium according to the present invention, as long as the encrypted title key 
is replaced by the seed key, and the encrypted disk key is replaced by conversion table information of the scramble 
information sector. 
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[0169] In this embodiment, an SCSI bus is used for the bus connected to the optical disk drive 509. However, the 
bus is not limited thereto, and an interface such as an ATAPI or an IEEE 1394 can be used, as long as reproduction 
data can be transferred in accordance with a predetermined protocol. 

5 (Seventh Embodiment) 

[0170] Next, an information reproducing device 1000 according to the present invention will be described. 
[0171] Figure 19 is a block diagram showing the structure of the information reproducing device 1000 according to 
the present invention. The information reproducing device 1000 is an optical disk player. The components of the infor- 
10 mation reproducing device 1000 are the same as those of the information reproducing device shown in Figure 14 or 
the information reproducing device shown in Figure 17, except for a program ROM 1001. Therefore, the same com- 
ponents bear the same reference numerals, and the description thereof is omitted. The description herein is based on 
the fourth embodiment of the information recording medium. 

[0172] At the time of the reset or disk insertion in the optical disk player 1000, the microcontroller 702 controls the 
data reproduction circuit 606 and reads a scramble information sector of a lead-in area of the optical disk. An encrypted 
disk key information read from the scramble information sector is transferred to the descramble circuit 705 and internally 
retained. 

[0173] On the other hand, in reproducing a scrambled file recorded in the optical disk 607, the microcontroller 702 
controls the data reproduction circuit 606, reads an encrypted title key from a sector header field of the scrambled file 
to be reproduced, and transfers it to the descramble circuit 705. The descramble circuit 705 stores the received title 
key and judges use identifying information. As a result of the determination, in the case reproduction is prohibited the 
descramble circuit 705 reports an error to the microcontroller 702. On the other hand, in the case where the descramble 
circuit 705 determines that reproduction is permitted, the data reproduction circuit 606 reads data of the scrambled 
file, and transfers the read scrambled data to the descramble circuit 705. The descramble circuit 705 descrambles the 
scrambled data using a disk key and a title key previously stored, and transfers the result to the audio/video decoder 
circuit 706. The audio/video decoder circuit 706 converts the received data to an analog AV signal and performs audio/ 
video outputs. 

[0174] In this manner, the optical disk player 1000 can descramble the scrambled data for reproduction. However 
the optical disk player 1 000 is different from the fifth and the sixth embodiments of the information reproducing device 
of the present invention in that it performs video reproduction without executing the mutual authentication processing. 
This is because, since reproduced data is directly input to the audio/video decoder circuit 706 in this embodiment a 
copy operation to other rewritable media such as a hard disk drive cannot be performed in the middle of the procedure, 
and thus the mutual authentication processing is not required. Therefore, in the structure of this embodiment, without 
the component which executes the mutual authentication processing, the copyright protection is possible. Furthermore 
since the optical disk player 1 000 judges use identifying information at the time of reproduction, data whose reproduction 
is prohibited for its use can be prevented from being reproduced. 

[0175] Hereinafter, the further detailed structures and operations of a decoder authentication circuit 601 a drive 
authentication circuit 701 and a descramble circuit 705, which are used in the fifth and the sixth embodiments of the 
information reproducing device of the present invention, will be described. The structure described below is a structure 
common to the fifth embodiment, sixth embodiment and seventh embodiment. 

[0176] First, the structure and the operation of the descramble circuit 705 with be described with reference to the 
accompanying drawing. The descramble circuit 705 highly depends on a scramble system, so that the structure in the 
case of reproducing the third embodiment of the information recording medium of the present invention is different 
from that in the case of reproducing the fourth embodiments of the information recording medium. Therefore, in the 
following description, the descramble circuit for reproducing the third embodiment of the information recording medium 
of the present invention will be described with reference to Figures 20 and 21 . The descramble circuit for reproducing 
the fourth embodiment of the information recording medium of the present invention will be described with reference 
to Figures 22 and 23. 

[0177] Figure 20 is a block diagram showing the structure of the descramble circuit 1106 for reproducing the third 
embodiment of the information recording medium of the present invention. Hereinafter, each component will be de- 
scnbed. Reference numeral 1 1 00 denotes an I/O control circuit for performing communication with the control bus 704. 
Reference numeral 1 101 denotes a selector for switching a block to which an output is directed (hereinafter referred 
to as a targeted block for output), depending on the content of the input data. Reference numeral 1 102 denotes a use 
identifying circuit for determining whether or not reproduction is permitted, referring to the use identifying information 
of a reproduction file. Reference numeral 1103 denotes a conversion table memory circuit for storing a conversion 
table to generate preset data for a random number generating circuit 1 104 from the seed key. Reference numeral 1 104 
denotes the random number generating circuit for generating a random number based on preset data output from the 
conversion table memory circuit 1103. Reference numeral 1 1 05 denotes a main data descramble circuit for performing 
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descramble-processing by performing a logical operation between the random number generated by the random 
number generating circuit 1104 and scrambled data input from the selector 1101. 
[0178] Next, the operation of the descramble circuit 1 106 will be described. 

[0179] First, in the case where a scramble information sector recorded in the lead-in area is to be read after the 
5 mutual authentication processing is normally ended, a scramble information sector readout is set to the selector 1 101 
via the I/O control circuit 1 100, and the selector 1101 sets a targeted block for output to the conversion table memory 
circuit 1103. Read data which is input is supplied to the conversion table memory circuit 1103 via the selector 1101, 
and stored as a conversion table for determining preset data which is to be used as an initial value for the random 
number generation. 

10 [01 80] On the other hand, at the time of reproducing a scrambled file, mutual authentication processing is performed 
prior to reproduction of data, and use identifying information in the sector header field received after normal end of the 
mutual authentication processing is input to the use identifying circuit 1102, and the seed key is input to the conversion 
table memory circuit 1103. The use identifying circuit 1102 internally has information regarding the use identifying 
information which is permitted to be reproduced, identifies whether or not the reproduction is permitted by comparing 

15 it with the input use identification information, and reports the I/O control circuit 1100 and the main data descramble 
circuit 1105. On the other hand, the conversion table memory circuit 1 103 which receives the seed key outputs a preset 
data corresponding to the seed key based on the received seed key to the random number generating circuit 1104. 
The random number generating circuit 1 104 generates a random number sequence based on the received preset data 
and outputs it to the main data descramble circuit 1105. Following the sector header field, when the main data of the 

20 scrambled sector is to be input, a targeted block for output of the selector 1 1 01 is switched to the main data descramble 
circuit 1 1 05. Thereafter, the main data descramble circuit 1 1 05 executes descramble-processing by performing a logical 
operation between the main data input from the selector 1 101 and the random number sequence input from the random 
number generating circuit 1104, and outputs descrambled data to the audio/video decoder circuit 706. 
[0181] The operation described above will be explained in greater detail with reference to Figure 21 below. 

25 [0182] Figure 21 is a flow chart explaining the content of the descramble-processing in the descramble circuit 1 106, 
in the case where the third embodiment of the information recording medium of the present invention is reproduced. 
Each step will be described below. 

[0183] (S1200): A targeted block for output of the selector 1 101 is switched to the conversion table memory circuit 
1103, and a conversion table read from the scramble information sector of the lead-in area of the information recording 

30 medium is stored in the conversion table memory 1103. 

[0184] (S1201): A targeted block for output of the selector 1101 is switched to the I/O control circuit 1100, and a 
scramble flag in the sector header received prior to reproduction of the scrambled file is transmitted back to the micro- 
controller 702. The microcontroller 702 determines whether or not the scramble flag is 1, and transmits back the de- 
termined result to the I/O control circuit 1100. When it is determined that the scramble flag is 1 , the procedure goes to 

35 step (S1202). When it is determined that the scramble flag is 0, the procedure goes to step (S1206) with the function 
of the main data descramble circuit 1 105 stopped. 

[0185] (S1202): A targeted block for output of the selector 1101 is switched to the use identifying circuit 1102, and 
use identifying information in the sector header received prior to reproduction of the scrambled file is transferred. The 
use identifying circuit 1102 determines whether or not reproduction of the file is permitted, by comparing the received 
40 use identifying information with reproduction permission information internally retained. When it is determined that 
reproduction is prohibited, the procedure goes to step (S1203). When it is determined that reproduction is permitted, 
the procedure goes to step (S1204). 

[0186] (S1203): In the case where it is determined at the above processing step (S1202) that reproduction of the file 
is prohibited, an error is reported to the microcontroller 702 via the I/O control circuit 1100 in this step, and the processing 
45 is ended. 

[0187] (S1204): A seed key read from the sector header of the scrambled file to be reproduced is input to the con- 
version table memory circuit 1 103, and preset data is generated from the seed key and the conversion table and output 
to the random number generating circuit 1104. 

[0188] (S1205): A targeted block for output of the selector 1 101 is switched to the main data descramble circuit 1105, 
so and main data of an input scrambled file is transferred to the main data descramble circuit 1105. On the other hand, 
the random number generating circuit 1104 generates a random number sequence based on preset data input from 
the conversion table memory circuit 1103 and outputs it to the main data descramble circuit 1105. The main data 
descramble circuit 1105 executes descramble-processing by performing a logical operation between the input main 
data and the random number sequence. 
55 [0189] (S1206): The main data descramble circuit 1105 outputs descrambled data at the time of executing the de- 
scrambling, and outputs data input from the selector 1101 as it as when the descramble function is stopped, to the 
audio/video decoder circuit 706. 

[0190] As described above, the descramble circuit 1 106 includes the use identifying circuit, so that it is possible to 
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selectively reproduce a file having the use identifying information for which reproduction is prohibited and a file having 
the use identifying information for which reproduction is permitted. 

[0191] Furthermore, the descramble circuit 1 106 internally includes the selector for separating a scramble identifi- 
cation flag, so that it is possible to separate only a scramble flag so as to determine whether or not to perform de- 
scrambling. 

[0192] Furthermore, since a conversion table for converting to preset data can be determined in a unit of disk, and 
a seed key can be determined in a unit of file, it is possible reproduce the information recording medium having a 
scramble system with security so high that reproduction cannot be made without both of the two data. 
[0193] Figure 22 is a block diagram showing the structure of the descramble circuit 1308 for reproducing the fourth 
embodiment of the information recording medium of the present invention. Hereinafter, each component will be de- 
scribed. Reference numeral 1300 denotes an I/O control circuit for performing communication with the control bus 704. 
Reference numeral 1301 denotes a selector for switching a targeted block for output, depending on the content of the 
input data. Reference numeral 1302 denotes a disk key decrypting circuit for decrypting an encrypted disk key in the 
case where the encrypted disk key is input. Reference numeral 1303 denotes a master key storage section for storing 
a master key to be used for decrypting the encrypted disk key in a hardware manner. Reference numeral 1304 denotes 
a sector header decrypting circuit for receiving a disk key decrypted by the disk key decrypting circuit 1302, and de- 
crypting the encrypted section in the sector header. Reference numeral 1305 denotes a CGMS checking circuit for 
confirming conformity between an original CGMS data decrypted by the sector header decrypting circuit 1304 and 
media CGMS data input from the selector. Reference numeral 1306 denotes a use identifying circuit for receiving use 
identifying information decrypted by the sector header decrypting circuit 1304 and determining whether or not repro- 
duction is permitted. Reference numeral 1307 denotes a main data scramble circuit for descrambling main data input 
from the selector 1301 based on the title key input from the sector header decrypting circuit 1304. 
[0194] Hereinafter, the descramble circuit 1308 will be described. 

[0195] First, in the case where a scramble information sector recorded in the lead-in area is read after the mutual 
authentication processing is normally ended, a targeted block for output of the selector 1301 is set to the disk key 
decrypting circuit 1302 via the I/O control circuit 1300, and input read data is input to the disk key decrypting circuit 
1302 via the selector 1301. The disk key decrypting circuit 1302 decrypts a disk key based on the master key input 
from the master key storage section 1303, and the disk key is stored in the disk key decrypting circuit 1302. 
[0196] On the other hand, at the time of reproducing a scrambled file, the mutual authentication processing is per- 
formed prior to reproduction of data. When the mutual authentication processing is normally ended, the sector header 
of the scrambled file to be reproduced is input to the selector 1301. The selector 1301 selects a targeted block for 
output thereof for every content of the sector header, and outputs a scramble flag to the microcontroller 702 via the I/ 
O control circuit 1300, outputs media CGMS data to the CGMS checking circuit 1305, and outputs encrypted original 
CGMS data and encrypted use identifying information and encrypted title key (hereinafter, referred to as an encrypted 
sector header in combination) to the sector header decrypting circuit 1304. The sector header decrypting circuit 1304 
receives disk key from the disk key decrypting circuit 1302, decrypts the encrypted sector header based on the disk 
key, and outputs the original CGMS data to the CGMS checking circuit 1305, outputs use identifying information to the 
use identifying circuit 1306, and outputs the title key to the main data descramble circuit 1307. The CGMS checking 
circuit 1305 receives media CGMS data input from the selector 1301 and the original CGMS input from the sector 
header decrypting circuit 1304, and determines whether or not the value indicates that reproduction is permitted At 
this time, criteria of the determination of the CGMS checking circuit 1305 are shown in (Table 2). (The meanings 
represented by the media CGMS data and the original CGMS data are consistent with the explanation of the fourth 
embodiment of the information recording medium of the present invention.) 
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Table 2 



Medium identification 
information 


Media CGMS data 


Original CGMS data 


CGMS determination information 


1 

(Reproduction only medium) 


00 


00 


1 


01/10/11 


0 


01 


00/01/10/11 


0 


10 


00/01/11 


0 


10 


1 


11 


00/01/10 


0 


11 1 
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Table 2 


(continued) 




Medium identification 
information 


Media CGMS data 


Original CGMS data 


CGMS determination information 


0 


00 


00 


1 


(Rewritable medium) 




00/10/11 


0 




01/10 


00/01/10/11 


0 




11 


10 


1 






00/01/11 


0 



[0197] ,n T able 2, in the case where the CGMS determination information represents 1, the CGMS checking circuit 
reports to the main data descramble circuit 1307 and the microcontroller 702 that reproduction is possible. On the other 

15 hand, in the case where the CGMS determination information represents 0, which is an inappropriate value indicating 
that illegal copying or the like is possibly made, the CGMS checking circuit reports an error to the main data descramble 
circuit 1307 and the microcontroller 702. For example, in Table 2, in the case where the medium identification infor- 
mation is 0 indicating a rewritable medium, the media CGMS data is 11 showing copy prohibited, and the original 
CGMS data is 10 showing one copying permitted, it is believed that a file which is permitted to be copied only once 

20 has been already copied once to a rewritable medium, so that only the media CGMS data becomes 11 , and the file is 
changed to be prohibited from being copied. Therefore, the output is 1 meaning that reproduction is permitted. On the 
other hand, if the file which is permitted to be copied once is illegally copied, both of the media CGMS data and the 
original CGMS data become 10 meaning that only one copying is permitted. Therefore, the CGMS determination in- 
formation is 0 meaning that reproduction is prohibited. On the other hand, the use identifying circuit 1306 internally 

25 includes use identifying information for which reproduction is permitted, and determines whether or not the scrambled 
file is to be used for something whose reproduction is permitted, by comparing the information with the use identifying 
information input from the sector header decrypting circuit 1304. In the case of the use identifying information for which 
reproduction is not permitted, an error is reported to the microcontroller 702 and the main data descramble circuit 1307. 
In the case where the data of the scrambled file is to be reproduced, a targeted block for output of the selector 1301 

30 is switched to the main data descramble circuit 1307, and read data which is input is transferred to the main data 
descramble circuit 1 307. The main data descramble circuit 1 307 receives the title key from the sector header decrypting 
circuit 1304 and performs descramble-processing of the scrambled data based on the received title key to output to 
the audio/video decoder circuit 706. 

[0198] As described above, the descramble circuit 1308 decrypts the encrypted disk key and the encrypted title key, 
35 performs descramble-processing for the main data when the title key indicates that reproduction is permitted, and 
outputs scrambled digital AV data to the audio/video decoder circuit 706. 

[0199] Next, the operation of reproduction processing of the scrambled file in the descramble circuit 1308 will be 
described with reference to the flow chart shown in Figure 23. Processing content at each step is shown below. 
[0200] (S1400): In the case where the encrypted disk key information in the lead-in area is input to the read data, a 
40 targeted block for output of the selector 1301 is set to the disk key decrypting circuit 1302, and the encrypted disk key 
is transferred to the disk key decrypting circuit 1302. The disk key decrypting circuit 1302 receives a master key from 
the master key storage section 1303, and decrypts the encrypted disk key and outputs the decrypted disk key to the 
sector header decrypting circuit 1304. 

[0201] (S1401 ): The selector 1301 separates a scramble flag from the sector header of the scrambled file read prior 
45 to reproduction, and transfers it to the microcontroller 702 via the I/O control circuit 1300. The microcontroller 702 
determines whether or not the scramble flag is 1. When the determined result is 1 , the procedure goes to step (S1402). 
When the determined result is not 1. the procedure goes to step (S1407). 

[0202] (S1402): The selector 1301 separates an encrypted sector header from the sector header of the scrambled 
file read prior to reproduction, and transfers it to the sector header decrypting circuit 1304. The sector header decrypting 
50 circuit 1304 decrypts the received encrypted sector header based on a disk key previously received from the disk key 
decrypting circuit 1302, separates it by its content, and outputs original CGMS data to the CGMS checking circuit 1305, 
outputs the use identifying information to the use identifying circuit 1306, and outputs the title key to the main data 
descramble circuit 1307. 

[0203] (S1403): The CGMS checking circuit 1305 outputs CGMS determination information in accordance with Table 
55 2 from medium identifying information received from the microcontroller 702, media CMGS data received from the 
selector 1301 and original CGMS data received from the sector header decrypting circuit 1304. In Table 2, in the case 
where CGMS determination information is 1. the CGMS checking circuit reports to the I/O control circuit 1300 and the 
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main data descramble circuit 1307 that it is a normal CGMS control information. 

[0204] (S1404): In the case where the CGMS determined result is 0, the CGMS checking circuit 1305 reports an 
error to the I/O control circuit 1300 and the main data descramble circuit 1307. In the case where the use identifying 
information indicates that reproduction is prohibited for its use, the use identifying circuit 1306 reports an error to the 
I/O control circuit 1300 and the main data descramble circuit 1307. Thus, the reproduction processing is ended. 
[0205] (S1405): The use identifying circuit 1306 determines the use identifying information received from the sector 
header decrypting circuit 1304, and in the case where reproduction is permitted, the use identifying circuit 1306 reports 
to the I/O control circuit 1300 and the main data descramble circuit 1307 that the file is one whose reproduction is 
permitted. 

[0206] (S1406): When the selector 1301 receives the main data of a scrambled file as readout data, the main data 
descramble circuit 1 307 is set as a targeted block for output thereof, and the main data is transferred thereto. The main 
data descramble circuit 1307 executes descramble-processing of the input main data, based on the title key received 
from the sector header decrypting circuit 1304. 

[0207] (S1407): In the case where the main data descramble circuit 1307 has executed the descramble-processing 
the descrambled main data is output to the audio/video decoder circuit 706. In the case where the main data descramble 
circuit 1307 has not executed the descramble-processing, the data input from the selector 1301 is output as it as to 
the audio/video decoder circuit 706. 

[0208] As described above, the descramble circuit 1308 includes the use identifying circuit, so that it is possible to 
selectively reproduce a file having the use identifying information for which reproduction is prohibited and a file having 
the use identifying information for which reproduction is permitted. 

[0209] Furthermore, the descramble circuit 1308 internally includes the selector for separating a scramble identifi- 
cation flag, so that it is possible to separate only a scramble flag so as to determine whether or not to perform de- 
scrambling. 

[0210] Furthermore, even for a disk of high security, which is hierarchically encrypted/scrambled, such as the fourth 
embodiment of the information recording medium of the present invention, by allowing the disk key decrypting circuit 
the sector header decrypting circuit, the main data descramble circuit to operate in association with each other, the 
procedure can be the same as that when descrambling is not performed. 

[0211] Furthermore, the descramble circuit includes the CGMS checking circuit 1305, so that illegally copied data 
can be detected, thus making it possible to prevent the illegally copied data from being reproduced. Furthermore, the 
descramble circuit has a mechanism which protects copyright of the information recording medium recorded a software 
which allows for control the generation of copying, namely, how many times data is copied, and permits only a prede- 
termined number of copying operations. 

[0212] Figure 24 is a block diagram showing the detailed structure of the decoder authentication circuit 601 in the 
optical disk drive 509. Hereinafter, each component will be described. Reference numeral 1500 denotes an I/O control 
circuit for controlling input and output so as to perform communication with the microcontroller 602. Reference numeral 
1 501 denotes a random number generating circuit for generating a random number, based on a time variable key input 
from the I/O control circuit 1500. Reference numeral 1502 denotes a function fk(R1) generating circuit for determining 
a function fk by a first input (represented by k in Figure 24) for determining the function, and calculating a function 
value fk(R1) from the second input (represented by R1 in Figure 24), which is an argument of the function fk, and 
outputting the function value fk(R1). Similarly, reference numeral 1503 denotes a function gk(R2) generating and 
companng circuit for calculating a function value gk(R2) from k and R2 and outputting the function value gk(R2), and 
comparing it with decoder response data input from the I/O control circuit 1500. Reference numeral 1504 denotes a 
bus key generating circuit for generating a bus key, based on two function values output from the function gk(R2) 
generating and comparing circuit 1503 and the function fk(R1) generating circuit 1502. Reference numeral 1505 de- 
notes a bus encrypting circuit for encrypting data output from the data reproducing circuit 606 in accordance with a 
bus key output from the bus key generating circuit 1504. 

[0213] Hereinafter, the operation of the decoder authentication circuit 601 will be described. 
[0214] At the time of reset and disk replacement for the optical disk drive 509, the microcontroller 602 previously 
sets a mutual authentication key k read from the sector header in the scramble information sector in the lead-in area 
of the disk to the function fk(R1) generating circuit 1502 and the function gk(R2) generating and comparing circuit 
1503 via the I/O control circuit 1500. 

[0215] The function fk(R1) generating circuit 1502 internally retains the mutual authentication key k, and thereafter 
calculates a function fk(R1) when a random number value R1 is input at the time of mutual authentication processing, 
and outputs the function fk(R1) to the bus key generating circuit 1504 and the I/O control circuit 1500. 
[0216] The bus key generating circuit 1504 internally stores the input function fk(R1). Subsequently, in the case 
where a time variable key for generating a random number is input from the microcontroller 602 via the I/O control 
circuit 1500, the random number generating circuit 1501 generates a random number R2 based on the time variable 
key and transmits back it to the I/O control circuit 1500, and outputs it to the function gk(R2) generating and comparing 
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circuit 1503. 

[0217] The function gk(R2) generating and comparing circuit 1503 which has received the random number R2 cal- 
culates the function value gk(R2) from the mutual authentication key k previously retained and the random number 
R2, and internally retains it. Furthermore, the function gk(R2) generating and comparing circuit 1503 receives decoder 

5 response data from the I/O control circuit 1500, and compares it with internally calculated function gk(R2). As a result 
of the comparison, in the case where the value of gk(R2) and the decoder response data are not matched, the function 
gk(R2) generating and comparing circuit 1503 reports that an error occurs in the mutual authentication processing to 
the microcontroller 602 via the I/O control circuit 1500. In the case where the mutual authentication processing fails, 
the processing following the mutual authentication processing such as transfer of the encrypted disk key and the en- 

io crypted title key or the like are cancelled. 

[0218] On the other hand, in the case where the two values, gk(R2) and the decoder response data, are matched, 
it is determined that the mutual authentication processing is normally ended, and the function value gk(R2) is output 
to the bus key generating circuit 1504. At this time, only in the case where the function values fk(R1) and gk(R2) are 
normally input, the bus key generating circuit 1504 generates a bus key based on the two function values fk(R1) and 

is gk(R2). and outputs the bus key to the bus encrypting circuit 1505. 

[0219] The bus encrypting circuit 1505 receives a control signal for switching mode (hereinafter, referred to as a 
mode control signal) from the microcontroller 602 via the I/O control circuit 1500. When the mode is a disk key repro- 
duction mode or a title key reproduction mode, the bus encrypting circuit 1505 performs a predetermined encrypting 
to an encrypted disk key or an encrypted title key input from the data reproducing circuit 606, based on a previously 

20 input bus key, and then outputs the result to the SCSI control circuit 600. 

[0220] On the other hand, after supplying out the encrypted title key, in the case where an actual file data is to be 
supplied out, the mode control signal is switched to the data reproduction mode, and the bus encrypting circuit 1505 
outputs the data output from the data reproducing circuit 606 to the SCSI control circuit 600 without encrypting. 
[0221] As described above, the decoder authentication circuit 601 calculates a function value determined by the 

25 mutual authentication key in the mutual authentication processing, and only in the case where the function value is 
matched with the function value supplied from the decoder, the mutual authentication processing is normally ended. 
Furthermore, in the reproduction operation, at the time of transfer of the encrypted disk key and the encrypted title key, 
key information which is further encrypted using the bus key generated in the mutual authentication processing is 
supplied out. 

30 [0222] Next, the structure of the operation of the drive authentication circuit 701 on the AV decoder card 507 and 
the SCSI control circuit incorporated AV decoder card 801 will be described with reference to the accompanying draw- 
ings. 

[0223] Figure 25 is a block diagram showing the structure of the drive authentication circuit 701 . Hereinafter, each 
component will be described. Reference numeral 1600 denotes an I/O control circuit for receiving and transmitting a 

35 control signal from and to the microcontroller 702. Reference numeral 1601 denotes a random number generating 
circuit for receiving a time variable key from the I/O control circuit 1600 so as to generate a random number R1 and 
transmitting back it to the I/O control circuit 1 600 and outputting it to a function fk(R1 ) generating and comparing circuit 
1603. Reference numeral 1602 denotes a function gk(R2) generating circuit for calculating a function gk(R2) based 
on a constant k input from the function fk(R1) generating and comparing circuit 1603 and the random number R2 input 

40 from the I/O control circuit 1600. Reference numeral 1603 denotes a function fk(R1) generating and comparing circuit 
for calculating a function value fk(R1) with respect to k which is I to n, based on R1 input from the random number 
generating circuit 1601 and comparing it with drive response data input from the I/O control circuit 1600. Reference 
numeral 1604 denotes a bus key generating circuit for generating a bus key from a function value output from the 
function gk(R2) generating circuit 1602 and a function value output from the function fk(R1 ) generating and comparing 

45 circuit 1603. Reference numeral 1605 denotes a bus decrypting circuit for decrypting data by a bus key output from 
the bus key generating circuit 1604. 

[0224] Next, the operation of the drive authentication circuit 701 will be described. 

[0225] First, at the start of the mutual authentication processing, the drive authentication circuit 701 receives a time 
variable key for a random number generation from the microcontroller 702 via the I/O control circuit 1600, and the 

so random number is generated by the random number generating circuit 1601. 

[0226] The random number generating circuit 1601 outputs the generated random number R1 to the function fk(R1) 
generating and comparing circuit 1603 and the microcontroller 702. Thereafter, the function fk(R1) generating and 
comparing circuit 1603 receives drive response data from the microcontroller 702, and calculates functions fl(R1), ff2 
(R2), f3(R3) - using the random value R1 internally retained as an t argument, and obtains k which allows the drive 

55 response data to be matched with fk(R1). At this time, in the case where k which allows matching with the drive 
response data is not obtained despite the calculation for all of the retained functions, the function fk(R1) generating 
and comparing circuit 1603 transmits back an error to the microcontroller 702 via the I/O control circuit 1600 as an 
authentication result. 
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[0227] On the other hand, in the case where k which allows the drive response data to be matched with fk(R1) is 
obtained, the function fk(R1) generating and comparing circuit 1603 transmits back a normal end to the microcontroller 
702 as an authentication result, and outputs k to the function gk(R2) generating circuit 1602 and outputs the function 
value fk(R1) to the bus key generating circuit 1604. In the case where the value of k is normally found out, the drive 
authentication circuit 701 subsequently receives the random number R2 from the microcontroller 702, and inputs it to 
the function gk(R2) generating circuit 1602. The function gk(R2) generating circuit 1602 calculates the function gk 
(R2) from the value k previously received from the function fk(R1) generating circuit 1603 and the input random number 
R2, and outputs the obtained function value to the microcontroller 702 and the bus key generating circuit 1604. 
[0228] The bus key generating circuit 1604 generates a bus key based on the previously received function values 
fk(R1) and gk(R2), and outputs the bus key to the bus decrypting circuit 1605. On the other hand, in the case where 
the function value gk(R2) supplied to the microcontroller 702 is normally authenticated by the optical disk drive 509, 
the microcontroller 702 switches the mode control signal, and switches the mode of the bus decrypting circuit 1605 to 
the disk key reproduction mode or the title key reproduction mode, so that the bus decrypting circuit is ready to be 
used for decrypting processing. 

[0229] At this time, data (encrypted disk key or encrypted title key) input from the SCSI control circuit 900 or the 
system interface circuit 700 is decrypted by the bus key previously retained in the bus decrypting circuit 1605. However, 
it is only the bus code that decrypted by the bus decrypting circuit 1605. and the encrypted disk key encrypted by the 
master key and the encrypted title key encrypted by the disk key are output as encrypted they are to the descramble 
circuit 705. 

[0230] Thereafter, when reproduction data of a scrambled file is input from the SCSI control circuit 900 or the system 
interface circuit 700, the bus decrypting circuit 1605 is switched to the data reproduction mode by the mode control 
signal from the microcontroller 702, and transfers data to the descramble circuit 705 as it is without performing de- 
crypting processing with the bus key. 

[0231] As described above, the drive authentication circuit 701 calculates a plurality of function values from the 
internally generated random number, and authenticates the drive by the matching of the drive response data with either 
one of the plurality function values. On the contrary, by receiving the random number and calculating the internal 
function values to transmit back, the drive authentication circuit is authenticated by the optical disk drive 509. In this 
manner, the mutual authentication processing is performed. 

[0232] Furthermore, for the reproduction operation, at the time of receiving the encrypted disk key and the encrypted 
title key, decrypting processing is performed using the bus key generated in the mutual authentication processing. 
[0233] Next, the protocol of the mutual authentication processing executed in the fifth and the sixth embodiments of 
the information reproducing device of the present invention will be described with reference to the accompanying 
drawings. 

[0234] Figure 26 is a flow chart for explaining the mutual authentication processing between the optical disk drive 
509 and the AV decoder card 507 or the SCSI control circuit incorporated AV decoder card 801 . 
[0235] The mutual authentication processing is executed as necessary, such as at the time of reset of the apparatus 
and disk replacement, and when a file to be read is confirmed to be a scrambled file by the file managing information. 
Each step of processing will be described below. Hereinafter, ~the AV decoder card 507 or the SCSI control circuit 
incorporated AV decoder card 801 are simply referred to as an AV decoder. Furthermore, hereinafter, a command on 
the SCSI protocol is referred to as a device command. 

[0236] (S1700): The AV decoder generates a random number R1 based on a time variable key which is variable 
over time generated using a timer or the like. 

[0237] (S1701): The optical disk drive receives the random number R1 generated by the AV decoder, by a device 
command "SEND R1". At this time, when the optical disk drive has not stored a mutual authentication key k of the 
mounted disk yet, readout of the mutual authentication key from the sector header field of the scramble information 
sector in the lead-in area is executed. 

[0238] (S1702): In the case where the optical disk drive detects an error during the procedure of step (S1701) and 
the error is reported, the procedure goes to step (S1713). When the step (S1701) is normally ended, the procedure 
goes to step (S 1703). 

[0239] (S1703): The optical disk drive receives a device command "REPORT fk(R1)", calculates a function fk(R1) 
based on the previously received random value R1 and a value of the mutual authentication key k read from the disk, 
and transmits the calculated result back to the AV decoder. In the processing described above, in the case where an 
error occurs, the optical disk drive reports the error as a result of the command processing. 

[0240] (S1704): When an error occurs during the device command "REPORT fk(R1) H processing, and the command 
processing result is an error, the procedure goes to step (S1713). When the processing result is a normal end the 
procedure goes to step (S1705). 

[0241] (S1705): The AV decoder calculates a function value fI(R1) with respect to i (i is a positive integer) from 1 to 
n (n is a positive integer), using the internally retained function value generating circuit, and compares the calculated 
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value of fl(R1 ) with the value of fk(R1 ) transmitted from the optical disk drive in (S1 703). When the AV decoder detects 
the value of i which allows for fi(R1) = fk(R1), the AV decoder internally retains the value. 

[0242] (S1 706): In the processing step (S1 705), in the case where the AV decoder cannot detect the value of i which 
allows for fI(R1) = fk(R1), the procedure goes to step (S1713). In the case where the AV decoder detects the value, 
5 the procedure goes to step (S1707). 

[0243] (S1707): The optical disk drive receives a device command, "REPORT R2" command, and generates a ran- 
dom number based on a time variable key which is variable over time in the internal random number generating mech- 
anism and transfers the random number to the AV decoder. In this step, in the case where the optical disk drive detects 
an error, the error is reported. 

10 [0244] (S1708): In the step (S1707), in the process of executing the "REPORT R2" command, in the case where an 
error occurs, the procedure goes to step (S1713). In the case where the step is normally ended, the procedure goes 
to step (S1709). 

[0245] (S1709): In the step (S1708), the AV decoder which has received the random R2 which the optical disk drive 
generates by the "REPORT R2" command calculates a function value gk(R2) based on a constant k (= I) already 

15 stored in step (S1705) and the random value R2 received from the optical disk drive in step (S1707). 

[0246] (S1710): The AV decoder which has calculated the function value gk(R2) executes a device command, "SEND 
gk(R2)" command, and transfers the function value calculated in the step (S1709) to the optical disk drive. The optical 
disk drive which has received the function value gk(R2) calculates gk(R2) using the mutual authentication key k and 
the random number R2 in the function calculating circuit included therein. Thereafter, the optical disk drive compares 

20 the function value gk(R2) received from the AV decoder and the gk(R2) calculated by the internal calculating circuit. 
In the case where the two values are matched, a normal end is reported as the processing result. On the other hand, 
in the case where an error occurs during the command processing, or in the case where the received function value 
is not matched with the internally calculated function value, an error is reported as the command processing result. 
[0247] (S1711): In the step (S1710), when the command processing result is an error, the procedure goes to step 

25 (S1713). When the command processing result is a normal end, the procedure goes to step (S1712). 

[0248] (S1712): The AV decoder generates a bus key BK using the internally retained bus key generating circuit, 
based on the two function values fk(R1) and gk(R2) acquired in the mutual authentication processing. Similarly, the 
optical disk drive also generates a bus key BK using the internally retained bus key generating circuit, based on the 
two function values acquired in the mutual authentication processing. (Herein, the bus keys BK generated by the optical 

30 disk drive and the AV decoder in the mutual authentication processing are identical.) 

[0249] (S1 713): In the case where an error occurs during the execution of the device command, the error is reported 
and the mutual authentication processing is cancelled in this step. 

[0250] By performing the mutual authentication processing in the manner as described above, key information can 
be transferred after the optical disk drive confirms that the data is not to be transferred to an apparatus which performs 
35 illegal copying. Thus, there is an effect of concealing the key information for performing descrambling. Therefore, an 
effect of preventing the scramble system from being illegally decrypted can be provided. 

[0251] Furthermore, since it is possible to perform decrypting of key information and descrambling of data after 
confirming that the apparatus from which the AV decoder receives data does not transfer illegally copied data, an effect 
of preventing illegally copied data from being reproduced can be provided. 
40 [0252] Furthermore, since a different bus key for every mutual authentication processing is generated, effects of 
preventing the key information from being illegally read and preventing the encrypting/scrambling system from being 
illegally decrypted can be provided. 

[0253] Furthermore, since different functions are used between in the case where the optical disk drive authenticates 
the AV decoder in the mutual authentication and in the case where the AV decoder authenticates the optical disk drive, 
45 the security against the act of decrypting the mutual authentication operation system for the purpose of illegally exe- 
cuting the mutual authentication operation is high. 

[0254] Furthermore, in the mutual authentication processing, since time variable keys generated by each of the 
optical disk drive and the AV decoder are used, different random number values are generated every time the mutual 
authentication processing is executed, different function values are transferred, and different bus keys are generated. 
so Therefore, the security against the act of decrypting the mutual authentication operation system for the purpose of 
illegally executing the mutual authentication operation is high. 

[0255] Furthermore, by using the mutual authentication key recorded on the information recording medium for the 
mutual authentication processing, the security against the act of decrypting the mutual authentication operation system 
for the purpose of illegally executing the mutual authentication operation is high. 
55 [0256] Although the fourth embodiment of the information recording medium of the present invention has been de- 
scribed above as an example, the third embodiment of the information recording medium of the present invention can 
be processed in the same manner. 
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INDUSTRIAL APPLICABILITY 

[0257] The Information recording medium of the present invention includes a lead-in area and a data recording area. 
Scrambled data recorded in the data recording area is descrambled based on the key information recorded in the lead- 
in area. Thus, by recording the key information in the lead-in area, security is enhanced. This is because the drive 
device of the information recording medium can directly access the lead-in area, while devices other than the drive 
device (e.g., a personal computer) cannot directly access the lead-in area. Furthermore, by recording the key infor- 
mation in the lead-in area, it is unnecessary to provide readout means dedicated to reading the key information. 
[0258] Another information recording mediums of the present invention includes the lead-in area and the data re- 
cording area. Scrambled data is descrambled based on the first key information recorded in the lead-in area and the 
second key information recorded in the data recording area. Thus, since the key information for descrambling is dou- 
bled, security is enhanced. 

[0259] According to the information reproducing device of the present invention, the mutual authentication processing 
is performed before the scrambled data is transmitted to the decoding device. By the mutual authentication processing, 
two components mutually confirms that the other is normal. Thus, security is enhanced. 

[0260] According to the information reproducing device of the present invention, the mutual authentication processing 
is performed between the reading device and the decoding device. When the mutual authentication processing is 
normally ended, the bus key information common to the reading device and the decoding device is generated, and 
key information encrypted by the bus key information is transmitted from the reading device to the decoding device. 
In this manner, after the mutual authentication processing is performed, the common bus key is further used, so that 
it is mutually confirmed that the other is normal. Thus, security is enhanced. 



Claims 

1. An information recording disk medium comprising a lead-in area and a data recording area, wherein 

the lead-in area is not accessible by devices other than a disk reproducing device, 

first key information is recorded in the lead-in area, 

scrambled data is recorded in the data recording area and, 

the scrambled data is descrambleable based on the first key information. 

2. An information recording medium according to claim 1 , wherein 

second key information and scrambled data are recorded in the data recording area, and 
the scrambled data is descrambleable based on information obtained by converting the second key infor- 
mation based on the first key information. 

3. An information recording medium according to claim 2, wherein the data recording area is divided into a plurality 
of sectors, each of the plurality of sectors including a sector header field where information for identifying the sector 
is recorded and a main data field where the scrambled data is recorded, and the second key information is recorded 
in the sector header field. 

4. An information recording medium according to claim 2, wherein the second key information is encrypted by the 
first key information, and the information is obtained by decrypting the encrypted second key information. 

5. An information recording medium according to claim 4, wherein the first key information is encrypted by master 
key information. 

6. An information recording medium according to claim 4, wherein a plurality of first key information is recorded in 
the lead-in area, and the plurality of first key information are encrypted by a plurality of different master key infor- 
mation. 

7. An information recording medium according to claim 2, wherein a scramble flag for indicating whether or not data 
recorded in the data recording area is scrambled is further recorded in the information recording medium. 

8. An information recording medium according to claim 7, wherein the data recording area is divided into a plurality 
of sectors, each of the plurality of sectors including a sector header field where information for identifying the sector 
is recorded and a main data field where the scrambled data is recorded, and the scramble flag is recorded in the 
sector header field. 
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9. An information recording medium according to claim 7, wherein the data recording area includes an area where 
a plurality of files are recorded and a file management area where information for managing the plurality of files 
is recorded, and the scramble flag is recorded in the file management area. 

10. An information recording medium according to claim 2, wherein mutual authentication key information for perform- 
ing mutual authentication between a reading device for reading the scrambled data and a decoding device including 
a descramble circuit for descrambling the scrambled data is further recorded in the lead-in area. 

11. An information recording medium according to claim 2, wherein the information is an initial value for generating a 
random number sequence, and the scrambled data is descrambled by performing a logical operation to the random 
number sequence. 

12. An information recording medium according to claim 2, wherein the data recording area is divided into a plurality 
of sectors, each of the plurality of sectors including a sector header field where information for identifying the sector 
is recorded and a main data field where the scrambled data is recorded, and information for identifying use of the 
information recording medium is recorded in the sector header field. 

13. An information reproducing device comprising: 

a reading circuit for reading from an information recording medium as defined in claim 1 . the scrambled data 
from the data recording area and the key information from the lead-in area, the key information to be used for 
descrambling the scrambled data; and 
a decoding device; 

wherein the reading circuit comprises an authentication circuit for authenticating the decoding device to trans- 
mit information corresponding to the key information to the decoding device before transmitting the scrambled 
data to the decoding device; and wherein the decoding device comprises a descramble circuit for descrambling 
the scrambled data based on said key information obtained from said information corresponding to the key 
information. 

14. An information reproducing device according to claim 13, 

wherein the information recording medium includes a lead-in area and a data recording area, and 
the key information includes first key information recorded in the lead-in area and second key information 
recorded in the data recording area. 

15. An information reproducing device comprising: 

a reading device for reading from an information recording medium as defined inclaim 1, the scrambled data 
from the data recording area and the key information from the lead-in area, the key information to be used for 
descrambling the scrambled data; and 
a decoding device, the decoding device comprising: 

an authentication circuit for authenticating the reading device to receive information corresponding to the 
key information from the reading device before receiving the scrambled data; and 
a descramble circuit for descrambling the scrambled data received from the reading device based on said 
key information obtained from said information corresponding to the key information. 

16. An information reproducing device according to claim 15, 

wherein the information recording medium includes a lead-in area and a data recording area, and 
the key information includes first key information recorded in the lead-in area and second key information 
recorded in the data recording area. 

17. An information reproducing device according to claim 16, wherein the descramble circuit descrambles the scram- 
bled data based on information obtained by converting the second key information based on the first key informa- 
tion. 

18. An information reproducing device according to claim 13, further comprising: 

a decoding section including a descramble circuit for descrambling the scrambled data. 
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19. An information reproducing device according to claim 18, wherein the information recording medium includes a 
lead-in area and a data recording area, and the key information includes first key information recorded in the lead- 
in area and second key information recorded in the data recording area. 

20. An information reproducing device according to claim 19, wherein the descramble circuit descrambles the scram- 
bled data based on information obtained by converting the second key information based on the first key informa- 
tion. 

21. An information reproducing device according to claim 18, wherein a scramble flag for indicating whether or not 
data recorded in the data recording area is scrambled is further recorded in the information recording medium, 

the information reproducing device further comprising a control circuit for controlling whether or not the au- 
thentication circuit is to be activated depending on the scramble flag. 

22. An information reproducing device according to claim 18, wherein authentication by the authentication circuit is 
performed by using a predetermined function. 

23. An information reproducing device according to any one of claims 13, 15 and 18, wherein authentication by the 
authentication circuit is performed by using information changing over time. 

24. An information reproducing device according to claim 19, wherein the authentication circuit generates bus key 
information in the case where authentication processing is normally ended, and encrypts the first key information 
and the second key information using the bus key information. 

25. An information reproducing device according to claim 24, wherein the authentication circuit decrypts the encrypted 
first key information and the encrypted second key information using the bus key information. 

26. An information reproduction method for reproducing scrambled data the method comprising the steps of: 

using a reading device for reading from an information recording medium as defined in claim 1 the scrambled 
data from the data area recording and the key information from the lead-in area, the key information to be 
used for descrambling the scrambled data and a decoding device including a descramble circuit for descram- 
bling the scrambled data, 

performing mutual authentication processing between the reading device and the decoding device; 
generating bus key information common to the reading device and the decoding device in the case where the 
mutual authentication processing is normally ended between the reading device and the decoding device; 
encrypting the key information in accordance with the bus key information; and 
transmitting the encrypted key information from the reading device to the decoding device. 



Patentansprtiche 

1 . Informationsaufzeichnungs-Plattenmedium, das einen Einfuhrungsbereich und einen Datenaufzeichnungsbereich 
umfasst, wobei 

auf den Einfuhrungsbereich durch Vorrichtungen, die von einer Plattenwiedergabevorrichtung verschieden 
sind, nicht zugegriffen werden kann, 

in dem Einfuhrungsbereich erste SchlQsselinformationen aufgezeichnet sind, 

in dem Datenaufzeichnungsbereich verwGrfelte Daten aufgezeichnet sind und 

die verwurfelten Daten anhand der ersten SchlQsselinformationen entwQrfelt werden kflnnen. 

2. Informationsaufzeichnungsmedium nach Anspruch 1 , bei dem 

in dem Datenaufzeichnungsbereich zweite SchlQsselinformationen und verwGrfelte Daten aufgezeichnet 
sind und 

die verwurfelten Daten anhand von Informationen, die durch Umsetzen der zweiten Schlusselinformationen 
anhand der ersten Schlusselinformationen erhalten werden, entwQrfelt werden konnen. 

3. Informationsaufzeichnungsmedium nach Anspruch 2, bei dem der Datenaufzeichnungsbereich in mehrere Sek- 
toren unterteilt ist, wobei jeder der mehreren Sektoren ein Sektorkopffeld, in dem Informationen fQr die Identifizie- 
rung des Sektors aufgezeichnet sind, und ein Hauptdatenfeld, in dem die verwQrfelten Daten aufgezeichnet sind, 
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umfasst, und die zweiten SchlQsselinformationen in dem Sektorkopffeld aufgezeichnet sind. 

4. Informationsaufeeichnungsmedium nach Anspruch 2, bei dem die zweiten SchlQsselinformationen durch die ersten 
SchlQsselinformationen verschlOsselt sind und die Informationen durch Entschlusseln der verschlOsselten zweiten 
SchlQsselinformationen erhalten werden. 

5. Informationsaufzeichnungsmedium nach Anspruch 4, bei dem die ersten SchlQsselinformationen durch Master- 
Schlusselinformationen verschlusselt sind. 

6. Informationsaufeeichnungsmedium nach Anspruch 4, bei dem mehrere erste SchlQsselinformationen in dem Ein- 
fQhrungsbereich aufgezeichnet sind und die mehreren ersten SchiOsselinformationen durch mehrere verschiedene 
Master-SchlQssel informationen verschlQsselt sind. 

7. Informationsaufeeichnungsmedium nach Anspruch 2, bei dem in dem Informationsaufzeichnungsmedium femer 
ein VerwGrfelungsmerker aufgezeichnet ist, der angibt, ob Daten, die in dem Datenaufzeichnungsbereich aufge- 
zeichnet sind, verwurfelt sind. 

8. Informationsaufzeichnungsmedium nach Anspruch 7, bei dem der Datenaufzeichnungsbereich in mehrere Sek- 
toren unterteilt ist, wobei jeder der mehreren Sektoren ein Sektorkopffeld, in dem Informationen fQr die Identifizie- 
rung des Sektors aufgezeichnet sind, und ein Hauptdatenfeld, in dem die verwQrfelten Daten aufgezeichnet sind, 
umfasst, und der VerwQrfelungsmerker in dem Sektorkopffeld aufgezeichnet ist. 

9. Informationsaufzeichnungsmedium nach Anspruch 7, bei dem der Datenaufzeichnungsbereich einen Bereich, in 
dem mehrere Dateien aufgezeichnet sind, und einen Dateimanagementbereich, in dem Informationen fQr das 
Management der mehreren Dateien aufgezeichnet sind, umfasst und der VerwQrfelungsmerker in dem Dateima- 
nagementbereich aufgezeichnet ist. 

10. Informationsaufzeichnungsmedium nach Anspruch 2, bei dem in dem EinfQhrungsbereich femer SchiOsselinfor- 
mationen zur gegenseitigen Authentifizierung enthalten sind, um eine gegenseitige Authentifizierung zwischen 
einer Lesevorrichtung zum Lesen der verwQrfelten Daten und einer Decodierungsvorrichtung, die eine EntwOrfe- 
lungsschaltung zum EntwQrfeln der verwQrfelten Daten enthalt, auszufOhren. 

11. Informationsaufeeichnungsmedium nach Anspruch 2, bei dem die Informationen ein Anfangswert fQr die Generie- 
rung einer Zufallszahlenfolge sind und die verwQrfelten Daten durch AusfQhren einer logischen Operation an der 
Zufallszahlenfolge entwQrfelt werden. 

12. Informationsaufzeichnungsmedium nach Anspruch 2, bei dem der Datenaufzeichnungsbereich in mehrere Sek- 
toren unterteilt ist, wobei jeder der mehreren Sektoren ein Sektorkopffeld, in dem Informationen fur die Identifizie- 
rung des Sektors aufgezeichnet sind, und ein Hauptdatenfeld, in dem die verwQrfelten Daten aufgezeichnet sind, 
enthalt und Informationen, die fur die Identifizierung des Informationsaufeeichnungsmediums verwendet werden, 
in dem Sektorkopffeld aufgezeichnet sind. 

13. Informationswiedergabevorrichtung, die umfasst: 

eine Leseschaltung, um von einem Informationsaufeeichnungsmedium nach Anspruch 1 aus dem Datenauf- 
zeichnungsbereich die verwQrfelten Daten und aus dem EinfQhrungsbereich die SchlQsselinformationen zu 
lesen, wobei die SchlQsselinformationen zum EntwQrfeln der verschlOsselten Daten verwendet werden; und 
eine Decodierungsvorrichtung; 

wobei die Leseschaltung eine Authentiftzierungsschaltung umfasst, um die Decodierungsvorrichtung zu au- 
thentifizieren, um Informationen, die den SchlQsselinformationen entsprechen, an die Decodierungsvorrichtung 
zu Qbertragen, bevor die verwQrfelten Daten an die Decodierungsvorrichtung Qbertragen werden; und wobei die 
Decodierungsvorrichtung eine EntwQrfelungsschaltung umfasst, um die verwQrfelten Daten anhand der SchlQs- 
selinformationen, die aus den den SchlQsselinformationen entsprechenden Informationen erhalten werden, zu 
entwQrfeln. 

14. I nformationswiederga be vorrichtung nach Anspruch 13, 

bei der das Informationsaufzeichnungsmedium einen EinfQhrungsbereich und einen Datenaufzeichnungs- 
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bereich enthalt und 

die Schlusselinformationen erste SchlQsselinformationen, die in dem EinfQhrungsbereich aufgezeichnetsind, 
und zweite SchlQsselinformationen, die in dem Datenaufzeichnungsbereich aufgezeichnet sind, enthalten. 

15. Informationswiedergabevorrichtung, die umfasst: 

eine Lesevorrichtung, urn aus einem Informationsaufzeichnungsmedium nach Anspruch 1 aus dem Daten- 
aufzeichnungsbereich die verwQrfelten Daten und aus dem Einfuhrungsbereich die Schlusselinformationen 
zu lesen, wobei die SchlQsselinformationen far die Entwurfelung der verwQrfelten Daten zu verwenden sind; 
und 

eine Decodierungsvorrichtung, wobei die Decodierungsvorrichtung umfasst: 

eine Authentifizierungsschaltung, urn die Lesevorrichtung dafQr zu authentifizieren, dass sie den SchlOs- 
selinformationen entsprechende Informationen von der Lesevorrichtung empfangt, bevor sie die verwQr- 
felten Daten empfangt; und 

eine EntwQrfelungsschaltung, urn die verwQrfelten Daten, die von der Lesevorrichtung empfangen werden, 
anhand der SchlQsselinformationen, die aus den den SchlQsselinformationen entsprechenden Informa- 
tionen erhalten werden, zu entwQrfeln. 

16. I nformationswiedergabevorrichtung nach Anspruch 15, 

wobei das Informationsaufzeichnungsmedium einen EinfQhrungsbereich und einen Datenaufzeichnungsbe- 
reich enthalt und 

die Schlusselinformationen erste SchlQsselinformationen, die in dem EinfQhrungsbereich aufgezeichnet sind , 
und zweite SchlQsselinformationen, die in dem Datenaufzeichnungsbereich aufgezeichnet sind, enthalten. 

1 7. Informationswiedergabevorrichtung nach Anspruch 1 6, bei der die EntwQrfelungsschaltung die verwQrfelten Daten 
anhand von Informationen entwQrfelt, die durch Umsetzen der zweiten SchlQsselinformationen anhand der ersten 
Schlusselinformationen erhalten werden. 

18. Informationswiedergabevorrichtung nach Anspruch 13, die femer umfasst: 

einen Decodierungsabschnitt, der eine EntwQrfelungsschaltung zum EntwQrfein der verwQrfelten Daten ent- 
halt. 

1 9. Informationswiedergabevorrichtung nach Anspruch 1 8, bei der das Informationsaufeeichnungsmedium einen Ein- 
fQhrungsbereich und einen Datenaufzeichnungsbereich enthSIt und 

die SchlQsselinformationen erste SchlQsselinformationen, die in dem EinfQhrungsbereich aufgezeichnetsind, 
und zweite SchlQsselinformationen, die in dem Datenaufzeichnungsbereich aufgezeichnet sind, enthalten. 

20. Informationswiedergabevorrichtung nach Anspruch 19, bei derdie EntwQrfelungsschaltung die verwQrfelten Daten 
anhand von Informationen entwQrfelt, die durch Umsetzen der zweiten SchlQsselinformationen anhand der ersten 
SchlQsselinformationen erhalten werden. 

21. Informationswiedergabevorrichtung nach Anspruch 18, bei der in dem Informationsaufzeichnungsmedium femer 
ein VerwQrfelungsmerker aufgezeichnet ist, der angibt, ob Daten, die in dem Datenaufzeichnungsbereich aufge- 
zeichnet sind, verwQrfelt sind Oder nicht, 

wobei die Informationswiedergabevorrichtung ferner eine Steuerschaltung umfasst, um in Abhangigkeit von 
dem VerwQrfelungsmerker zu steuern, ob die Authentifizierungsschaltung zu aktivieren ist oder nicht. 

22. Informationswiedergabevorrichtung nach Anspruch 18, bei der die Authentifizierung durch die Authentifizierungs- 
schaltung unter Verwendung einer vorgegebenen Funktion ausgefuhrt wird. 

23. Informationswiedergabevorrichtung nach einem der AnsprQche 13, 15 und 18, bei der die Authentifizierung durch 
die Authentifizierungsschaltung unter Verwendung von zeitlich veranderlichen Informationen ausgefQhrt wird. 

24. Informationswiedergabevorrichtung nach Anspruch 19, bei derdie Authentifizierungsschaltung BusschlQsselinfor- 
mation erzeugt, falls die Authentifizierungsverarbeitung normal beendet wird, und die ersten SchlQsselinformatio- 
nen und die zweiten SchlQsselinformationen unter Verwendung der BusschlQsselinformationen verschlQsselt. 
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25. Informationswiedergabevorrichtung nach Anspruch 24, bei der die Authentifizierungsschaltung die verschlQsselten 
ersten Schlusselinformationen und die verschlQsselten zweiten Schlusselinformationen unter Verwendung der 
Busschlusselinformationen entschlQsselt. 

5 26. Informationswiedergabeverfahren zum Wiedergeben verwQrfelter Daten, wobei das Verfahren die folgenden 
Schritte umfasst: 

Verwenden einer Lesevonichtung, urn aus einem Informationsaufzeichnungsmedium nach Anspruch 1 aus 
dem Datenaufzeichnungsbereich die verwQrfelten Daten und aus dem EinfQhrungsbereich die SchlQsselin- 
10 formationen zu lesen, wobei die Schlusselinformationen fur die Entwurfelung der verwurfelten Daten zu ver- 

wenden sind, und einer Decodierungsvonichtung, die eine EntwQrfelungsschaltung enthalt, um die verwurfel- 
ten Daten zu entwQrfeln, 

Ausfuhren einer Verarbeitung zur gegenseitigen Authentifizierung zwischen der Lesevonichtung und der De- 
codierungsvonichtung; 

15 Erzeugen von BusschlOsselinformationen. die der Lesevonichtung und der Decodierungsvonichtung gemein- 

sam sind, falls die Verarbeitung zur gegenseitigen Authentifizierung zwischen der Lesevonichtung und der 
Decodierungsvonichtung normal beendet wird; 

Verschlusseln der Schlusselinformationen in Ubereinstimmung mit den Busschlusselinformationen; und 
Obertragen der verschlQsselten Schlusselinformationen von der Lesevonichtung an die Decodierungsvorrich- 
20 tung. 

Revendications 

25 1. Support d'enregistrement d'informations de type disque, comprenant une zone de guidage d'entree et une zone 
d'enregistrement de donnees, dans lequel 

la zone de guidage d'entree n'est pas accessible par des dispositifs autres qu'un dispositrf de reproduction 
de disque, 

des informations de premiere cle sont enregistrees dans la zone de guidage d'entree, 
30 des donnees brouillees sont enregistrees dans la zone d'enregistrement de donnees et, 

les donnees brouillees peuvent etre desembrouillees sur la base des informations de premiere cle. 

2. Support d'enregistrement d'informations seion la revendication 1 , dans lequel 

des informations de seconds cle et des donnees brouillees sont enregistrees dans la zone d'enregistrement 
35 de donnees, et 

les donnees brouillees peuvent etre desembrouillees sur la base d'informations obtenues en convertissant 
les informations de seconde cle sur la base des informations de premiere cle. 

3. Support d'enregistrement d'informations selon la revendication 2, dans lequel la zone d'enregistrement de donnees 
40 est divisee en une pluralite de secteurs, chaque secteur de la plurality des secteurs comprenant un champ d'en- 

tSte de secteur ou des informations destinees a identifier le secteur sont enregistrees et un champ de donnees 
principal ou les donnees brouillees sont enregistrees, et les informations de seconde cle sont enregistrees dans 
le champ d'en-tete de secteur. 

45 4. Support d'enregistrement d'informations selon la revendication 2, dans lequel les informations de seconde cle sont 
cryptees grace aux informations de premiere cle, et les informations sont obtenues en decryptant les informations 
de seconde cle cryptees. 

5. Support d'enregistrement d'informations selon la revendication 4, dans lequel les informations de premiere cle 
so sont cryptees grace a des informations de cle pnncipale. 

6. Support d'enregistrement d'informations selon la revendication 4, dans lequel une pluralite d'informations de pre- 
miere cle sont enregistrees dans la zone de guidage d'entree, et la pluralite des informations de premiere cle sont 
cryptees grace a une pluralite d'informations de cle pnncipale differentes. 
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7. Support d'enregistrement d'informations selon la revendication 2, dans lequel un indicateur de brouillage destine 
a indiquer si les donnees enregistrees dans la zone d'enregistrement de donnees sont brouillees ou non, est en 
outre enregistre dans le support d'enregistrement d'informations. 
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10. 



Support d enregistrement d'informations selon la revendication 7. dans lequel la zone d'enregistrement de donnees 
est divisee en une pluralite de secteurs. chaque secteur de la pluralite des secteurs comprenant un champ d'en- 
tete de secteur ou des informations destinees a identifier Is secteur sont enregistrees et un champ de donnees 
principal ou les donnees brouillees sont enregistrees, et l indicateur de brouillage est enregistre dans le champ 
d en-tete de secteur. K 

Support d'enregistrement d'informations selon la revendication 7. dans lequel la zone d'enregistrement de donnees 
comprend une zone ou une pluralite de fichiers sont enregistres et une zone de gestion de fichiers ou des infor- 
mations destinees a gerer la pluralite des fichiers sont enregistrees. et I'indicateur de brouillage est enregistre 
dans la zone de gestion de fichiers. ^™ 

Support d'enregistrement d'informations selon la revendication 2. dans lequel des informations de cle d'authenti- 
fication mutual e , destinees a executor une authentification mutuelle entre un dispositif de lecture destine a lire les 
donnees brouillees et un dispositif de decodage comprenant un circuit de desembrouillage destine a desem- 
brouiller les donnees brouillees. sont en outre enregistrees dans la zone de guidage d'entree. 

11. Support d'enregistrement d'informations selon la revendication 2. dans lequel les informations represented une 
valeur initiate destines a generer une sequence de nombres aleatoires, et les donnees brouillees sont d6sem- 
brouiliees en executant une operation logique sur la sequence de nombres aleatoires. 

12. Support d'enregistrement d'informations selon la revendication 2. dans lequel la zone d'enregistrement de donnees 
est divisee en une pluralite de secteurs, chaque secteur de la pluralite des secteurs comprenant un champ d'en- 
tete de secteur ou des informations destinies a identifier le secteur sont enregistrees et un champ de donnees 
principal I ou les donn6es brouillees sont enregistrees, et des informations destinies e identifier ('utilisation du 
support d enregistrement d'informations sont enregistrees dans le champ d'en-tete de secteur. 

13. Dispositif de reproduction d'informations comprenant : 

un circuit de lecture destine a lire a partird'un support d'enregistrement d'informations, tel que d6fini dans la 
revendication 1, les donnees brouillees. depuis la zone d'enregistrement de donnees et les informations de 
cl6 depuis la zone de guidage d'entree. les informations de cle devant Stre utilisees pour desembrouiller les 
donnees brouillees, et 
un dispositif de decodage, 

dans lequel le circuit de lecture comprend un circuit d'authentification destine a authentifier le dispositif de 
decodage pour transmettre des informations correspondant aux informations de cle au dispositif de decodage 
avant de transmettre les donnees brouillees au dispositif de decodage. et dans lequel le dispositif de decodage 
comprend un circuit de desembrouillage destine * desembrouiller les donnees brouill6es sur la base desdites 
informations de cle obtenues a partir desdites informations correspondant aux informations de cl6. 

14. Dispositif de reproduction d'informations selon la revendication 13. 

dans lequel le support d'enregistrement d'informations comprend une zone de guidage d'entr6e et une zone 
d'enregistrement de donn6es. et ^ zone 

„ w ' e$ i " f ° rma, i ons de d6 «>".Prennent des informations de premiere cle enregistrees dans la zone de guidage 
d entree et des informations de seconde cl6 enregistrees dans la zone d'enregistrement de donnees. 

15. Dispositif de reproduction d'informations comprenant : 

un dispositif de lecture destine a lire a partird'un support d'enregistrement d'informations, tel que defini dans 
la revendication 1 , les donnees brouillees, depuis la zone d'enregistrement de donnees et les informations de 
cie depuis la zone de guidage d'entree. les informations de cle devant etre utilisees pour desembrouiller les 
donnees brouillees, et 

un dispositif de decodage, le dispositif de decodage comprenant • 

un circuit d'authentification destine e authentifier le dispositif de lecture pour recevoir des informations cor- 
respondant aux informations de cl6 depuis le dispositif de lecture avant de recevoir les donnees brouillees et 
un circuit de desembrouillage destine e desembrouiller les donnees brouillees recues depuis le dispositif 'de 
lecture sur la base desdites informations de cl6 obtenues e partir desdites informations correspondant aux 
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16. Dispositff de reproduction d'informations seton la revendication 15, 

dans lequel le support d'enregistrement d'informations comprend une zone de guidage d'entree et une zone 
d'enregistrement de donnees, et 

les informations de cle comprennent des informations de premiere cle enregistrees dans la zone de guidage 
d'entree et des informations de seconde cle enregistrees dans la zone d'enregistrement de donnees. 

17. Dispositif de reproduction d'informations selon la revendication 16, dans lequel le circuit de desembrouiilage de- 
sembrouille les donnees brouillees sur la base d'informations obtenues en convertissant les informations de se- 
conde cle sur la base des informations de premiere cle. 

18. Dispositif de reproduction d'informations selon la revendication 13. comprenant en outre : 



une section de decodage comprenant un circuit de desembrouiilage destin6 a desembrouiller les donnees 
brouillees. 

15 

19. Dispositif de reproduction d'informations selon la revendication 18, dans lequel le support d'enregistrement d'in- 
formations comprend une zone de guidage d'entree et une zone d'enregistrement de donnees, et 

les informations de cle comprennent des informations de premiere cle enregistrees dans la zone de guidage 
d'entree et des informations de seconde cle enregistrees dans la zone d'enregistrement de donnees. 

20 

20. Dispositif de reproduction d'informations selon la revendication 19, dans lequel le circuit de d6sembrouillage de- 
sembrouille les donnees brouillees sur la base d'informations obtenues en convertissant les informations de se- 
conde cle sur la base des informations de premiere cle. 

25 21 . Dispositif de reproduction d'informations selon la revendication 18, dans lequel un indicateur de brouillage destine 
a indiquer si des donnees enregistrees dans la zone d'enregistrement de donnees sont brouillees ou non, est en 
outre enregistre dans le support d'enregistrement d'informations, 

le dispositif de reproduction d'informations comprenant en outre un circuit de commande destin6 a comman- 
der si le circuit d'authentification doit etre active ou non, en fonction de I'indicateur de brouillage. 

30 

22. Dispositif de reproduction d'informations selon la revendication 18, dans lequel une authentication est executee 
par le circuit d'authentification en utilisant une fonction predetermined. 



23. Dispositif de reproduction d'informations selon Tune quelconque des revendications 13, 15 et 18, dans lequel une 
35 authentication est executee par le circuit d'authentification en utilisant des informations qui varient dans le temps. 

24. Dispositif de reproduction d'informations selon la revendication 19, dans lequel le circuit d'authentification genere 
des informations de cle de bus dans le cas ou le traitement d'authentification se termine normalement, et crypte 
les informations de premiere cle et les informations de seconde cle en utilisant les informations de cle de bus. 

40 

25. Dispositif de reproduction d'informations selon la revendication 24, dans lequel le circuit d'authentification decrypte 
les informations de premiere cle cryptees et les informations de seconde cle cryptees en utilisant les informations 
de cle de bus. 



45 26. Precede de reproduction d'informations destine a reproduire des donnees brouillees, le procede comprenant les 
etapes consistant a : 

utiliser un dispositif de lecture destine a lire a partir d'un support d'enregistrement d'informations, tel que deTmi 
dans la revendication 1 , les donnees brouillees, depuis la zone d'enregistrement de donnees et les informa- 
50 tions de cle depuis la zone de guidage d'entree, les informations de cle devant etre utilisees pour desem- 

brouiller les donnees brouillees, et un dispositif de decodage comprenant un circuit de desembrouiilage destine 
a desembrouiller les donnees brouillees, 

executer un traitement d'authentification mutuelle entre le dispositif de lecture et le dispositif de decodage, 
generer des informations de cle de bus communes au dispositif de lecture et au dispositif de decodage dans 
55 le cas ou le traitement d'authentification mutuelle entre le dispositif de lecture et le dispositif de decodage, se 

termine normalement, 

crypter les informations de cle conformement aux informations de cle de bus, et 

transmettre les informations de cle cryptees du dispositif de lecture au dispositif de decodage. 
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